Merge cedar with mozilla-central

Boris Zbarsky 2011-05-05 12:24:41 -04:00
Родитель 40985caabc 541b030199
Коммит 98e5ce2261
129 изменённых файлов: 8657 добавлений и 5918 удалений


@ -718,20 +718,18 @@ const gchar *
getDescriptionCB(AtkObject *aAtkObj)
{
nsAccessibleWrap *accWrap = GetAccessibleWrap(aAtkObj);
if (!accWrap) {
if (!accWrap || accWrap->IsDefunct())
return nsnull;
}
/* nsIAccessible is responsible for the non-NULL description */
nsAutoString uniDesc;
nsresult rv = accWrap->GetDescription(uniDesc);
NS_ENSURE_SUCCESS(rv, nsnull);
accWrap->Description(uniDesc);
NS_ConvertUTF8toUTF16 objDesc(aAtkObj->description);
if (!uniDesc.Equals(objDesc)) {
if (!uniDesc.Equals(objDesc))
atk_object_set_description(aAtkObj,
NS_ConvertUTF16toUTF8(uniDesc).get());
}
return aAtkObj->description;
}


@ -272,54 +272,60 @@ nsAccessible::GetName(nsAString& aName)
return NS_OK;
}
NS_IMETHODIMP nsAccessible::GetDescription(nsAString& aDescription)
NS_IMETHODIMP
nsAccessible::GetDescription(nsAString& aDescription)
{
if (IsDefunct())
return NS_ERROR_FAILURE;
nsAutoString desc;
Description(desc);
aDescription.Assign(desc);
return NS_OK;
}
void
nsAccessible::Description(nsString& aDescription)
{
// There are 4 conditions that make an accessible have no accDescription:
// 1. it's a text node; or
// 2. It has no DHTML describedby property
// 3. it doesn't have an accName; or
// 4. its title attribute already equals to its accName nsAutoString name;
if (!mContent->IsNodeOfType(nsINode::eTEXT)) {
nsAutoString description;
nsresult rv = nsTextEquivUtils::
GetTextEquivFromIDRefs(this, nsAccessibilityAtoms::aria_describedby,
description);
NS_ENSURE_SUCCESS(rv, rv);
if (mContent->IsNodeOfType(nsINode::eTEXT))
return;
if (description.IsEmpty()) {
PRBool isXUL = mContent->IsXUL();
if (isXUL) {
// Try XUL <description control="[id]">description text</description>
XULDescriptionIterator iter(GetDocAccessible(), mContent);
nsAccessible* descr = nsnull;
while ((descr = iter.Next())) {
nsTextEquivUtils::
AppendTextEquivFromContent(this, descr->GetContent(), &description);
}
nsTextEquivUtils::
GetTextEquivFromIDRefs(this, nsAccessibilityAtoms::aria_describedby,
aDescription);
if (aDescription.IsEmpty()) {
PRBool isXUL = mContent->IsXUL();
if (isXUL) {
// Try XUL <description control="[id]">description text</description>
XULDescriptionIterator iter(GetDocAccessible(), mContent);
nsAccessible* descr = nsnull;
while ((descr = iter.Next()))
nsTextEquivUtils::AppendTextEquivFromContent(this, descr->GetContent(),
&aDescription);
}
if (description.IsEmpty()) {
if (aDescription.IsEmpty()) {
nsIAtom *descAtom = isXUL ? nsAccessibilityAtoms::tooltiptext :
nsAccessibilityAtoms::title;
if (mContent->GetAttr(kNameSpaceID_None, descAtom, description)) {
if (mContent->GetAttr(kNameSpaceID_None, descAtom, aDescription)) {
nsAutoString name;
GetName(name);
if (name.IsEmpty() || description == name) {
if (name.IsEmpty() || aDescription == name)
// Don't use tooltip for a description if this object
// has no name or the tooltip is the same as the name
description.Truncate();
}
aDescription.Truncate();
}
}
}
description.CompressWhitespace();
aDescription = description;
}
return NS_OK;
aDescription.CompressWhitespace();
}
// mask values for ui.key.chromeAccess and ui.key.contentAccess
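Review bot: nsAccessible::Description() dereferences mContent (`mContent->IsNodeOfType(nsINode::eTEXT)`) with no defunct guard, so the IsDefunct() check that GetDescription() keeps has become a caller-side precondition that nothing in the function enforces. The internal call sites visible in this commit do not all re-check it: nsDocAccessible::Description() calls `mParent->Description(aDescription)` after testing only that mParent is non-null, the HTML and XUL combobox overrides forward to an option accessible without a defunct test, and nsXULMenuitemAccessible::Description() loses its own IsDefunct() check before `mContent->GetAttr(...)`. If any of those objects can be shut down while still reachable (presumably mContent is cleared then; not determinable from these hunks), that is a null dereference. I would make the contract explicit at the top of the function with `NS_ASSERTION(!IsDefunct(), "Description() called on a defunct accessible");` or an early `if (IsDefunct()) return;`.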


@ -119,6 +119,11 @@ public:
//////////////////////////////////////////////////////////////////////////////
// Public methods
/**
* get the description of this accessible
*/
virtual void Description(nsString& aDescription);
/**
* Returns the accessible name specified by ARIA.
*/
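Review bot: The new comment `get the description of this accessible` does not say what state aDescription must be in on entry, and the overrides added in this commit do not agree on it. nsApplicationAccessible, nsHTMLAreaAccessible and nsHTMLComboboxAccessible truncate the string first, while nsAccessible::Description() returns early for text nodes without touching it and nsXFormsAccessible passes it straight to GetTextEquivFromIDRefs. I would document the out-parameter contract on the declaration, for example `Returns the description in aDescription, which the caller must pass in empty.`, together with any precondition callers are expected to check, so that new overrides and callers behave the same way.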


@ -127,11 +127,10 @@ nsApplicationAccessible::GetValue(nsAString &aValue)
return NS_OK;
}
NS_IMETHODIMP
nsApplicationAccessible::GetDescription(nsAString &aDescription)
void
nsApplicationAccessible::Description(nsString &aDescription)
{
aDescription.Truncate();
return NS_OK;
}
NS_IMETHODIMP


@ -92,7 +92,6 @@ public:
NS_IMETHOD GetPreviousSibling(nsIAccessible **aPreviousSibling);
NS_IMETHOD GetName(nsAString &aName);
NS_IMETHOD GetValue(nsAString &aValue);
NS_IMETHOD GetDescription(nsAString &aDescription);
NS_IMETHOD GetKeyboardShortcut(nsAString &aKeyboardShortcut);
NS_IMETHOD GetAttributes(nsIPersistentProperties **aAttributes);
NS_IMETHOD GroupPosition(PRInt32 *aGroupLevel, PRInt32 *aSimilarItemsInGroup,
@ -123,6 +122,7 @@ public:
// nsAccessible
virtual void ApplyARIAState(PRUint64* aState);
virtual void Description(nsString& aDescription);
virtual PRUint32 NativeRole();
virtual PRUint64 State();
virtual PRUint64 NativeState();


@ -273,21 +273,16 @@ nsDocAccessible::SetRoleMapEntry(nsRoleMapEntry* aRoleMapEntry)
}
}
NS_IMETHODIMP
nsDocAccessible::GetDescription(nsAString& aDescription)
void
nsDocAccessible::Description(nsString& aDescription)
{
if (mParent)
mParent->GetDescription(aDescription);
mParent->Description(aDescription);
if (aDescription.IsEmpty()) {
nsAutoString description;
if (aDescription.IsEmpty())
nsTextEquivUtils::
GetTextEquivFromIDRefs(this, nsAccessibilityAtoms::aria_describedby,
description);
aDescription = description;
}
return NS_OK;
aDescription);
}
// nsAccessible public method


@ -93,7 +93,6 @@ public:
// nsIAccessible
NS_IMETHOD GetName(nsAString& aName);
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD GetAttributes(nsIPersistentProperties **aAttributes);
NS_IMETHOD GetFocusedChild(nsIAccessible **aFocusedChild);
NS_IMETHOD TakeFocus(void);
@ -114,6 +113,7 @@ public:
virtual nsIDocument* GetDocumentNode() const { return mDocument; }
// nsAccessible
virtual void Description(nsString& aDescription);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();
virtual void ApplyARIAState(PRUint64* aState);


@ -168,8 +168,8 @@ nsHTMLAreaAccessible::GetNameInternal(nsAString & aName)
return NS_OK;
}
NS_IMETHODIMP
nsHTMLAreaAccessible::GetDescription(nsAString& aDescription)
void
nsHTMLAreaAccessible::Description(nsString& aDescription)
{
aDescription.Truncate();
@ -177,8 +177,6 @@ nsHTMLAreaAccessible::GetDescription(nsAString& aDescription)
nsCOMPtr<nsIDOMHTMLAreaElement> area(do_QueryInterface(mContent));
if (area)
area->GetShape(aDescription);
return NS_OK;
}
NS_IMETHODIMP


@ -87,11 +87,11 @@ public:
nsHTMLAreaAccessible(nsIContent *aContent, nsIWeakReference *aShell);
// nsIAccessible
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD GetBounds(PRInt32 *x, PRInt32 *y, PRInt32 *width, PRInt32 *height);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint64 NativeState();
virtual nsAccessible* GetChildAtPoint(PRInt32 aX, PRInt32 aY,


@ -727,18 +727,19 @@ nsHTMLComboboxAccessible::NativeState()
return state;
}
NS_IMETHODIMP nsHTMLComboboxAccessible::GetDescription(nsAString& aDescription)
void
nsHTMLComboboxAccessible::Description(nsString& aDescription)
{
aDescription.Truncate();
// First check to see if combo box itself has a description, perhaps through
// tooltip (title attribute) or via aria-describedby
nsAccessible::GetDescription(aDescription);
if (!aDescription.IsEmpty()) {
return NS_OK;
}
nsAccessible::Description(aDescription);
if (!aDescription.IsEmpty())
return;
// Use description of currently focused option
nsAccessible *option = GetFocusedOptionAccessible();
return option ? option->GetDescription(aDescription) : NS_OK;
if (option)
option->Description(aDescription);
}
nsAccessible *


@ -184,7 +184,6 @@ public:
// nsIAccessible
NS_IMETHOD GetValue(nsAString& _retval);
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD DoAction(PRUint8 index);
NS_IMETHOD GetNumActions(PRUint8 *aNumActions);
NS_IMETHOD GetActionName(PRUint8 aIndex, nsAString& aName);
@ -193,6 +192,7 @@ public:
virtual void Shutdown();
// nsAccessible
virtual void Description(nsString& aDescription);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();
virtual void InvalidateChildren();


@ -1260,14 +1260,14 @@ nsHTMLTableAccessible::GetCellAt(PRInt32 aRowIndex,
return rv;
}
NS_IMETHODIMP nsHTMLTableAccessible::GetDescription(nsAString& aDescription)
void
nsHTMLTableAccessible::Description(nsString& aDescription)
{
// Helpful for debugging layout vs. data tables
aDescription.Truncate();
nsAccessible::GetDescription(aDescription);
if (!aDescription.IsEmpty()) {
return NS_OK;
}
nsAccessible::Description(aDescription);
if (!aDescription.IsEmpty())
return;
nsCOMPtr<nsIAccessible> captionAccessible;
GetCaption(getter_AddRefs(captionAccessible));
@ -1276,10 +1276,9 @@ NS_IMETHODIMP nsHTMLTableAccessible::GetDescription(nsAString& aDescription)
nsCOMPtr<nsIDOMNode> captionNode;
captionAccessNode->GetDOMNode(getter_AddRefs(captionNode));
nsCOMPtr<nsIContent> captionContent = do_QueryInterface(captionNode);
if (captionContent) {
nsTextEquivUtils::
AppendTextEquivFromContent(this, captionContent, &aDescription);
}
if (captionContent)
nsTextEquivUtils::AppendTextEquivFromContent(this, captionContent,
&aDescription);
}
#ifdef SHOW_LAYOUT_HEURISTIC
if (aDescription.IsEmpty()) {
@ -1291,8 +1290,6 @@ NS_IMETHODIMP nsHTMLTableAccessible::GetDescription(nsAString& aDescription)
printf("\nTABLE: %s\n", NS_ConvertUTF16toUTF8(mLayoutHeuristic).get());
#endif
#endif
return NS_OK;
}
PRBool


@ -131,11 +131,11 @@ public:
NS_DECLARE_STATIC_IID_ACCESSOR(NS_TABLEACCESSIBLE_IMPL_CID)
// nsIAccessible
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD GetRelationByType(PRUint32 aRelationType,
nsIAccessibleRelation **aRelation);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();


@ -518,8 +518,11 @@ GetNativeFromGeckoAccessible(nsIAccessible *anAccessible)
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if (mGeckoAccessible->IsDefunct())
return nil;
nsAutoString desc;
mGeckoAccessible->GetDescription (desc);
mGeckoAccessible->Description(desc);
return desc.IsEmpty() ? nil : [NSString stringWithCharacters:desc.BeginReading() length:desc.Length()];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;


@ -333,11 +333,11 @@ __try {
*pszDescription = NULL;
nsAccessible *xpAccessible = GetXPAccessibleFor(varChild);
if (!xpAccessible)
if (!xpAccessible || xpAccessible->IsDefunct())
return E_FAIL;
nsAutoString description;
xpAccessible->GetDescription(description);
xpAccessible->Description(description);
*pszDescription = ::SysAllocStringLen(description.get(),
description.Length());


@ -197,21 +197,15 @@ nsXFormsAccessible::GetNameInternal(nsAString& aName)
return GetBoundChildElementValue(NS_LITERAL_STRING("label"), aName);
}
NS_IMETHODIMP
nsXFormsAccessible::GetDescription(nsAString& aDescription)
void
nsXFormsAccessible::Description(nsString& aDescription)
{
nsAutoString description;
nsresult rv = nsTextEquivUtils::
nsTextEquivUtils::
GetTextEquivFromIDRefs(this, nsAccessibilityAtoms::aria_describedby,
description);
aDescription);
if (NS_SUCCEEDED(rv) && !description.IsEmpty()) {
aDescription = description;
return NS_OK;
}
// search the xforms:hint element
return GetBoundChildElementValue(NS_LITERAL_STRING("hint"), aDescription);
if (aDescription.IsEmpty())
GetBoundChildElementValue(NS_LITERAL_STRING("hint"), aDescription);
}
PRBool
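Review bot: Both nsresult values are now discarded in nsXFormsAccessible::Description(): the result of GetTextEquivFromIDRefs and the result of GetBoundChildElementValue, which the old method returned to its caller. With the void signature a failure is indistinguishable from an empty description, and if either helper can fail after writing part of its output (not visible here) the caller receives partial text. Consider keeping the result locally and clearing the string on failure, e.g. `if (NS_FAILED(rv)) aDescription.Truncate();`, or add a comment stating that failures are deliberately treated as "no description". The same pattern appears in nsAccessible::Description() and nsXFormsLabelAccessible::Description().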


@ -77,10 +77,9 @@ public:
// Returns value of instance node that xforms element is bound to.
NS_IMETHOD GetValue(nsAString& aValue);
// Returns value of child xforms 'hint' element.
NS_IMETHOD GetDescription(nsAString& aDescription);
// nsAccessible
// Returns value of child xforms 'hint' element.
virtual void Description(nsString& aDescription);
// Returns value of child xforms 'label' element.
virtual nsresult GetNameInternal(nsAString& aName);


@ -64,15 +64,12 @@ nsXFormsLabelAccessible::GetNameInternal(nsAString& aName)
return NS_OK;
}
NS_IMETHODIMP
nsXFormsLabelAccessible::GetDescription(nsAString& aDescription)
void
nsXFormsLabelAccessible::Description(nsString& aDescription)
{
nsAutoString description;
nsresult rv = nsTextEquivUtils::
nsTextEquivUtils::
GetTextEquivFromIDRefs(this, nsAccessibilityAtoms::aria_describedby,
description);
aDescription = description;
return rv;
aDescription);
}


@ -50,10 +50,8 @@ class nsXFormsLabelAccessible : public nsXFormsAccessible
public:
nsXFormsLabelAccessible(nsIContent *aContent, nsIWeakReference *aShell);
// nsIAccessible
NS_IMETHOD GetDescription(nsAString& aDescription);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint32 NativeRole();
};


@ -177,11 +177,10 @@ nsXFormsComboboxPopupWidgetAccessible::GetNameInternal(nsAString& aName)
return NS_OK;
}
NS_IMETHODIMP
nsXFormsComboboxPopupWidgetAccessible::GetDescription(nsAString& aDescription)
void
nsXFormsComboboxPopupWidgetAccessible::Description(nsString& aDescription)
{
aDescription.Truncate();
return NS_OK;
}
void


@ -91,9 +91,9 @@ public:
// nsIAccessible
NS_IMETHOD GetValue(nsAString& aValue);
NS_IMETHOD GetDescription(nsAString& aDescription);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();


@ -112,32 +112,25 @@ nsXULComboboxAccessible::GetValue(nsAString& aValue)
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsXULComboboxAccessible::GetDescription(nsAString& aDescription)
void
nsXULComboboxAccessible::Description(nsString& aDescription)
{
aDescription.Truncate();
if (IsDefunct())
return NS_ERROR_FAILURE;
// Use description of currently focused option
nsCOMPtr<nsIDOMXULMenuListElement> menuListElm(do_QueryInterface(mContent));
if (!menuListElm)
return NS_ERROR_FAILURE;
return;
nsCOMPtr<nsIDOMXULSelectControlItemElement> focusedOptionItem;
menuListElm->GetSelectedItem(getter_AddRefs(focusedOptionItem));
nsCOMPtr<nsIContent> focusedOptionContent =
do_QueryInterface(focusedOptionItem);
if (focusedOptionContent) {
nsAccessible *focusedOption =
GetAccService()->GetAccessibleInWeakShell(focusedOptionContent, mWeakShell);
NS_ENSURE_TRUE(focusedOption, NS_ERROR_FAILURE);
return focusedOption->GetDescription(aDescription);
nsAccessible* focusedOptionAcc = GetAccService()->
GetAccessibleInWeakShell(focusedOptionContent, mWeakShell);
if (focusedOptionAcc)
focusedOptionAcc->Description(aDescription);
}
return NS_OK;
}
PRBool


@ -55,12 +55,12 @@ public:
// nsIAccessible
NS_IMETHOD GetValue(nsAString& aValue);
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD DoAction(PRUint8 aIndex);
NS_IMETHOD GetNumActions(PRUint8 *aNumActions);
NS_IMETHOD GetActionName(PRUint8 aIndex, nsAString& aName);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();
virtual PRBool GetAllowsAnonChildAccessibles();


@ -861,6 +861,15 @@ nsXULListitemAccessible::GetListAccessible()
return GetAccService()->GetAccessibleInWeakShell(listContent, mWeakShell);
}
////////////////////////////////////////////////////////////////////////////////
// nsXULListitemAccessible nsAccessible
void
nsXULListitemAccessible::Description(nsString& aDesc)
{
nsAccessibleWrap::Description(aDesc);
}
////////////////////////////////////////////////////////////////////////////////
// nsXULListitemAccessible. nsIAccessible


@ -123,9 +123,9 @@ public:
// nsIAccessible
NS_IMETHOD GetActionName(PRUint8 index, nsAString& aName);
// Don't use XUL menuitems's description attribute
NS_IMETHOD GetDescription(nsAString& aDesc) { return nsAccessibleWrap::GetDescription(aDesc); }
// nsAccessible
virtual void Description(nsString& aDesc);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();


@ -378,16 +378,11 @@ nsXULMenuitemAccessible::GetNameInternal(nsAString& aName)
return NS_OK;
}
NS_IMETHODIMP
nsXULMenuitemAccessible::GetDescription(nsAString& aDescription)
void
nsXULMenuitemAccessible::Description(nsString& aDescription)
{
if (IsDefunct())
return NS_ERROR_FAILURE;
mContent->GetAttr(kNameSpaceID_None, nsAccessibilityAtoms::description,
aDescription);
return NS_OK;
}
//return menu accesskey: N or Alt+F


@ -82,7 +82,6 @@ public:
nsXULMenuitemAccessible(nsIContent *aContent, nsIWeakReference *aShell);
// nsIAccessible
NS_IMETHOD GetDescription(nsAString& aDescription);
NS_IMETHOD GetKeyboardShortcut(nsAString& _retval);
NS_IMETHOD GetDefaultKeyBinding(nsAString& aKeyBinding);
NS_IMETHOD DoAction(PRUint8 index);
@ -90,6 +89,7 @@ public:
NS_IMETHOD GetNumActions(PRUint8 *_retval);
// nsAccessible
virtual void Description(nsString& aDescription);
virtual nsresult GetNameInternal(nsAString& aName);
virtual PRUint32 NativeRole();
virtual PRUint64 NativeState();


@ -50,8 +50,8 @@ _TEST_FILES = \
test_doc.html \
test_hypertext.html \
test_passwords.html \
test_singleline.html \
test_whitespaces.html \
$(warning test_singleline.html disabled due to bug 652459) \
$(warning test_whitespaces.html disabled due to bug 652459) \
test_words.html \
$(NULL)


@ -2188,9 +2188,9 @@ ia64*-hpux*)
esac
# If we're building with --enable-profiling, we need a frame pointer.
if test -z "$MOZ_PROFILING"; then
MOZ_OPTIMIZE_FLAGS="-O3 -fomit-frame-pointer"
MOZ_OPTIMIZE_FLAGS="-Os -freorder-blocks -fomit-frame-pointer $MOZ_OPTIMIZE_SIZE_TWEAK"
else
MOZ_OPTIMIZE_FLAGS="-O3 -fno-omit-frame-pointer"
MOZ_OPTIMIZE_FLAGS="-Os -freorder-blocks -fno-omit-frame-pointer $MOZ_OPTIMIZE_SIZE_TWEAK"
fi
MOZ_DEBUG_FLAGS="-g"
fi


@ -330,7 +330,7 @@ RPCChannel::MaybeUndeferIncall()
RPC_ASSERT(mDeferred.top().rpc_remote_stack_depth_guess() <= stackDepth,
"fatal logic error");
if (mDeferred.top().rpc_remote_stack_depth_guess() < stackDepth)
if (mDeferred.top().rpc_remote_stack_depth_guess() < RemoteViewOfStackDepth(stackDepth))
return;
// maybe time to process this message
@ -435,6 +435,13 @@ RPCChannel::OnMaybeDequeueOne()
return true;
}
size_t
RPCChannel::RemoteViewOfStackDepth(size_t stackDepth) const
{
AssertWorkerThread();
return stackDepth - mOutOfTurnReplies.size();
}
void
RPCChannel::Incall(const Message& call, size_t stackDepth)
{
@ -445,14 +452,7 @@ RPCChannel::Incall(const Message& call, size_t stackDepth)
// Race detection: see the long comment near
// mRemoteStackDepthGuess in RPCChannel.h. "Remote" stack depth
// means our side, and "local" means other side.
//
// We compare the remote stack depth guess against the "remote
// view of stack depth" because of out-of-turn replies. When we
// receive one, our actual RPC stack depth doesn't decrease, but
// the other side (that sent the reply) thinks it has. So, just
// adjust down by the number of out-of-turn replies.
size_t remoteViewOfStackDepth = (stackDepth - mOutOfTurnReplies.size());
if (call.rpc_remote_stack_depth_guess() != remoteViewOfStackDepth) {
if (call.rpc_remote_stack_depth_guess() != RemoteViewOfStackDepth(stackDepth)) {
// RPC in-calls have raced.
// the "winner", if there is one, gets to defer processing of
// the other side's in-call


@ -207,6 +207,18 @@ protected:
*/
bool OnMaybeDequeueOne();
/**
* The "remote view of stack depth" can be different than the
* actual stack depth when there are out-of-turn replies. When we
* receive one, our actual RPC stack depth doesn't decrease, but
* the other side (that sent the reply) thinks it has. So, the
* "view" returned here is |stackDepth| minus the number of
* out-of-turn replies.
*
* Only called from the worker thread.
*/
size_t RemoteViewOfStackDepth(size_t stackDepth) const;
void Incall(const Message& call, size_t stackDepth);
void DispatchIncall(const Message& call);


@ -75,6 +75,7 @@ IPDLTESTS = \
TestRaceDeferral \
TestRacyReentry \
TestRacyRPCReplies \
TestRacyUndefer \
TestSanity \
TestSelfManageRoot \
TestShmem \


@ -0,0 +1,28 @@
namespace mozilla {
namespace _ipdltest {
rpc protocol PTestRacyUndefer {
child:
async Start();
async AwakenSpam();
async AwakenRaceWinTwice();
rpc Race();
async __delete__();
parent:
rpc Spam();
rpc RaceWinTwice();
async Done();
};
} // namespace mozilla
} // namespace _ipdltest


@ -0,0 +1,115 @@
#include "base/basictypes.h"
#include "TestRacyUndefer.h"
#include "IPDLUnitTests.h" // fail etc.
namespace mozilla {
namespace _ipdltest {
//-----------------------------------------------------------------------------
// parent
TestRacyUndeferParent::TestRacyUndeferParent()
{
MOZ_COUNT_CTOR(TestRacyUndeferParent);
}
TestRacyUndeferParent::~TestRacyUndeferParent()
{
MOZ_COUNT_DTOR(TestRacyUndeferParent);
}
void
TestRacyUndeferParent::Main()
{
if (!SendStart())
fail("sending Start");
}
bool
TestRacyUndeferParent::AnswerSpam()
{
static bool spammed = false;
static bool raced = false;
if (!spammed) {
spammed = true;
if (!SendAwakenSpam())
fail("sending AwakenSpam");
}
else if (!raced) {
raced = true;
if (!SendAwakenRaceWinTwice())
fail("sending WinRaceTwice");
if (!CallRace())
fail("calling Race1");
}
return true;
}
bool
TestRacyUndeferParent::AnswerRaceWinTwice()
{
return true;
}
bool
TestRacyUndeferParent::RecvDone()
{
Close();
return true;
}
//-----------------------------------------------------------------------------
// child
TestRacyUndeferChild::TestRacyUndeferChild()
{
MOZ_COUNT_CTOR(TestRacyUndeferChild);
}
TestRacyUndeferChild::~TestRacyUndeferChild()
{
MOZ_COUNT_DTOR(TestRacyUndeferChild);
}
bool
TestRacyUndeferChild::RecvStart()
{
if (!CallSpam())
fail("calling Spam");
if (!SendDone())
fail("sending Done");
return true;
}
bool
TestRacyUndeferChild::RecvAwakenSpam()
{
if (!CallSpam())
fail("calling Spam");
return true;
}
bool
TestRacyUndeferChild::RecvAwakenRaceWinTwice()
{
if (!CallRaceWinTwice())
fail("calling RaceWinTwice");
return true;
}
bool
TestRacyUndeferChild::AnswerRace()
{
return true;
}
} // namespace _ipdltest
} // namespace mozilla
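Review bot: TestRacyUndeferParent::AnswerSpam() keeps its progress in function-local statics (`spammed`, `raced`), so the state outlives the actor and a second instance in the same process would skip both branches; member fields initialised in the constructor would scope it to the test. Two failure strings also do not match the call they report: `fail("sending WinRaceTwice")` guards SendAwakenRaceWinTwice() and `fail("calling Race1")` guards CallRace(). The file has no comment describing the message ordering the test is meant to provoke, which makes the regression it covers hard to recover from the code alone.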


@ -0,0 +1,76 @@
#ifndef mozilla__ipdltest_TestRacyUndefer_h
#define mozilla__ipdltest_TestRacyUndefer_h 1
#include "mozilla/_ipdltest/IPDLUnitTests.h"
#include "mozilla/_ipdltest/PTestRacyUndeferParent.h"
#include "mozilla/_ipdltest/PTestRacyUndeferChild.h"
namespace mozilla {
namespace _ipdltest {
class TestRacyUndeferParent :
public PTestRacyUndeferParent
{
public:
TestRacyUndeferParent();
virtual ~TestRacyUndeferParent();
void Main();
protected:
NS_OVERRIDE
virtual bool AnswerSpam();
NS_OVERRIDE
virtual bool AnswerRaceWinTwice();
NS_OVERRIDE
virtual bool RecvDone();
NS_OVERRIDE
virtual void ActorDestroy(ActorDestroyReason why)
{
if (NormalShutdown != why)
fail("unexpected destruction!");
passed("ok");
QuitParent();
}
};
class TestRacyUndeferChild :
public PTestRacyUndeferChild
{
public:
TestRacyUndeferChild();
virtual ~TestRacyUndeferChild();
protected:
NS_OVERRIDE
virtual bool RecvStart();
NS_OVERRIDE
virtual bool RecvAwakenSpam();
NS_OVERRIDE
virtual bool RecvAwakenRaceWinTwice();
NS_OVERRIDE
virtual bool AnswerRace();
NS_OVERRIDE
virtual void ActorDestroy(ActorDestroyReason why)
{
if (NormalShutdown != why)
fail("unexpected destruction!");
QuitChild();
}
};
} // namespace _ipdltest
} // namespace mozilla
#endif // ifndef mozilla__ipdltest_TestRacyUndefer_h


@ -23,6 +23,7 @@ IPDLSRCS = \
PTestRaceDeferral.ipdl \
PTestRacyReentry.ipdl \
PTestRacyRPCReplies.ipdl \
PTestRacyUndefer.ipdl \
PTestRPCErrorCleanup.ipdl \
PTestRPCRaces.ipdl \
PTestRPCShutdownRace.ipdl \


@ -2107,9 +2107,9 @@ ia64*-hpux*)
esac
# If we're building with --enable-profiling, we need a frame pointer.
if test -z "$MOZ_PROFILING"; then
MOZ_OPTIMIZE_FLAGS="-O3 -fomit-frame-pointer"
MOZ_OPTIMIZE_FLAGS="-Os -freorder-blocks -fomit-frame-pointer $MOZ_OPTIMIZE_SIZE_TWEAK"
else
MOZ_OPTIMIZE_FLAGS="-O3 -fno-omit-frame-pointer"
MOZ_OPTIMIZE_FLAGS="-Os -freorder-blocks -fno-omit-frame-pointer $MOZ_OPTIMIZE_SIZE_TWEAK"
fi
MOZ_DEBUG_FLAGS="-g"
fi


@ -1 +1 @@
NSPR_4_8_8_BETA2
NSPR_4_8_8_BETA3


@ -42,3 +42,4 @@
*/
#error "Do not include this header file."

46
nsprpub/configure поставляемый

@ -4739,17 +4739,17 @@ EOF
_OPTIMIZE_FLAGS="$_OPTIMIZE_FLAGS -Olimit 4000"
ac_safe=`echo "machine/builtins.h" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for machine/builtins.h""... $ac_c" 1>&6
echo "configure:4743: checking for machine/builtins.h" >&5
echo "configure:4745: checking for machine/builtins.h" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 4748 "configure"
#line 4750 "configure"
#include "confdefs.h"
#include <machine/builtins.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:4753: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:4755: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@ -5398,7 +5398,7 @@ case $target in
;;
*)
echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
echo "configure:5402: checking for dlopen in -ldl" >&5
echo "configure:5404: checking for dlopen in -ldl" >&5
ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@ -5406,7 +5406,7 @@ else
ac_save_LIBS="$LIBS"
LIBS="-ldl $LIBS"
cat > conftest.$ac_ext <<EOF
#line 5410 "configure"
#line 5412 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@ -5417,7 +5417,7 @@ int main() {
dlopen()
; return 0; }
EOF
if { (eval echo configure:5421: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:5423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@ -5434,17 +5434,17 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
echo "$ac_t""yes" 1>&6
ac_safe=`echo "dlfcn.h" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for dlfcn.h""... $ac_c" 1>&6
echo "configure:5438: checking for dlfcn.h" >&5
echo "configure:5440: checking for dlfcn.h" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 5443 "configure"
#line 5445 "configure"
#include "confdefs.h"
#include <dlfcn.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:5448: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:5450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
@ -5477,13 +5477,13 @@ esac
if test $ac_cv_prog_gcc = yes; then
echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6
echo "configure:5481: checking whether ${CC-cc} needs -traditional" >&5
echo "configure:5483: checking whether ${CC-cc} needs -traditional" >&5
if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
ac_pattern="Autoconf.*'x'"
cat > conftest.$ac_ext <<EOF
#line 5487 "configure"
#line 5489 "configure"
#include "confdefs.h"
#include <sgtty.h>
Autoconf TIOCGETP
@ -5501,7 +5501,7 @@ rm -f conftest*
if test $ac_cv_prog_gcc_traditional = no; then
cat > conftest.$ac_ext <<EOF
#line 5505 "configure"
#line 5507 "configure"
#include "confdefs.h"
#include <termio.h>
Autoconf TCGETA
@ -5525,12 +5525,12 @@ fi
for ac_func in lchown strerror
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:5529: checking for $ac_func" >&5
echo "configure:5531: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 5534 "configure"
#line 5536 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@ -5553,7 +5553,7 @@ $ac_func();
; return 0; }
EOF
if { (eval echo configure:5557: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
if { (eval echo configure:5559: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@ -5604,7 +5604,7 @@ do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:5608: checking for $ac_word" >&5
echo "configure:5610: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_CCACHE'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@ -5663,7 +5663,7 @@ hpux*)
if test -z "$GNU_CC"; then
echo $ac_n "checking for +Olit support""... $ac_c" 1>&6
echo "configure:5667: checking for +Olit support" >&5
echo "configure:5669: checking for +Olit support" >&5
if eval "test \"`echo '$''{'ac_cv_hpux_usable_olit_option'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@ -5705,7 +5705,7 @@ wince*)
*)
echo $ac_n "checking for pthread_create in -lpthreads""... $ac_c" 1>&6
echo "configure:5709: checking for pthread_create in -lpthreads" >&5
echo "configure:5711: checking for pthread_create in -lpthreads" >&5
echo "
#include <pthread.h>
void *foo(void *v) { return v; }
@ -5727,7 +5727,7 @@ echo "
echo "$ac_t""no" 1>&6
echo $ac_n "checking for pthread_create in -lpthread""... $ac_c" 1>&6
echo "configure:5731: checking for pthread_create in -lpthread" >&5
echo "configure:5733: checking for pthread_create in -lpthread" >&5
echo "
#include <pthread.h>
void *foo(void *v) { return v; }
@ -5749,7 +5749,7 @@ echo "
echo "$ac_t""no" 1>&6
echo $ac_n "checking for pthread_create in -lc_r""... $ac_c" 1>&6
echo "configure:5753: checking for pthread_create in -lc_r" >&5
echo "configure:5755: checking for pthread_create in -lc_r" >&5
echo "
#include <pthread.h>
void *foo(void *v) { return v; }
@ -5771,7 +5771,7 @@ echo "
echo "$ac_t""no" 1>&6
echo $ac_n "checking for pthread_create in -lc""... $ac_c" 1>&6
echo "configure:5775: checking for pthread_create in -lc" >&5
echo "configure:5777: checking for pthread_create in -lc" >&5
echo "
#include <pthread.h>
void *foo(void *v) { return v; }
@ -5889,7 +5889,7 @@ if test -n "$USE_PTHREADS"; then
rm -f conftest*
ac_cv_have_dash_pthread=no
echo $ac_n "checking whether ${CC-cc} accepts -pthread""... $ac_c" 1>&6
echo "configure:5893: checking whether ${CC-cc} accepts -pthread" >&5
echo "configure:5895: checking whether ${CC-cc} accepts -pthread" >&5
echo 'int main() { return 0; }' | cat > conftest.c
${CC-cc} -pthread -o conftest conftest.c > conftest.out 2>&1
if test $? -eq 0; then
@ -5912,7 +5912,7 @@ echo "configure:5893: checking whether ${CC-cc} accepts -pthread" >&5
ac_cv_have_dash_pthreads=no
if test "$ac_cv_have_dash_pthread" = "no"; then
echo $ac_n "checking whether ${CC-cc} accepts -pthreads""... $ac_c" 1>&6
echo "configure:5916: checking whether ${CC-cc} accepts -pthreads" >&5
echo "configure:5918: checking whether ${CC-cc} accepts -pthreads" >&5
echo 'int main() { return 0; }' | cat > conftest.c
${CC-cc} -pthreads -o conftest conftest.c > conftest.out 2>&1
if test $? -eq 0; then


@ -142,6 +142,9 @@ typedef enum PRTransmitFileFlags {
#define PR_AF_INET6 100
#endif
#define PR_AF_INET_SDP 101
#define PR_AF_INET6_SDP 102
#ifndef PR_AF_UNSPEC
#define PR_AF_UNSPEC 0
#endif


@ -235,7 +235,7 @@ PR_BEGIN_EXTERN_C
** PRInt8
** DESCRIPTION:
** The int8 types are known to be 8 bits each. There is no type that
** is equivalent to a plain "char".
** is equivalent to a plain "char".
************************************************************************/
#if PR_BYTES_PER_BYTE == 1
typedef unsigned char PRUint8;
@ -274,7 +274,7 @@ typedef signed char PRInt8;
** TYPES: PRUint16
** PRInt16
** DESCRIPTION:
** The int16 types are known to be 16 bits each.
** The int16 types are known to be 16 bits each.
************************************************************************/
#if PR_BYTES_PER_SHORT == 2
typedef unsigned short PRUint16;
@ -299,7 +299,7 @@ typedef short PRInt16;
** TYPES: PRUint32
** PRInt32
** DESCRIPTION:
** The int32 types are known to be 32 bits each.
** The int32 types are known to be 32 bits each.
************************************************************************/
#if PR_BYTES_PER_INT == 4
typedef unsigned int PRUint32;
@ -372,7 +372,7 @@ typedef PRInt64 PRUint64;
** The PRIntn types are most appropriate for automatic variables. They are
** guaranteed to be at least 16 bits, though various architectures may
** define them to be wider (e.g., 32 or even 64 bits). These types are
** never valid for fields of a structure.
** never valid for fields of a structure.
************************************************************************/
#if PR_BYTES_PER_INT >= 2
typedef int PRIntn;
@ -384,14 +384,14 @@ typedef unsigned int PRUintn;
/************************************************************************
** TYPES: PRFloat64
** DESCRIPTION:
** NSPR's floating point type is always 64 bits.
** NSPR's floating point type is always 64 bits.
************************************************************************/
typedef double PRFloat64;
/************************************************************************
** TYPES: PRSize
** DESCRIPTION:
** A type for representing the size of objects.
** A type for representing the size of objects.
************************************************************************/
typedef size_t PRSize;
@ -399,7 +399,7 @@ typedef size_t PRSize;
/************************************************************************
** TYPES: PROffset32, PROffset64
** DESCRIPTION:
** A type for representing byte offsets from some location.
** A type for representing byte offsets from some location.
************************************************************************/
typedef PRInt32 PROffset32;
typedef PRInt64 PROffset64;
@ -408,7 +408,7 @@ typedef PRInt64 PROffset64;
** TYPES: PRPtrDiff
** DESCRIPTION:
** A type for pointer difference. Variables of this type are suitable
** for storing a pointer or pointer subtraction.
** for storing a pointer or pointer subtraction.
************************************************************************/
typedef ptrdiff_t PRPtrdiff;
@ -416,7 +416,7 @@ typedef ptrdiff_t PRPtrdiff;
** TYPES: PRUptrdiff
** DESCRIPTION:
** A type for pointer difference. Variables of this type are suitable
** for storing a pointer or pointer sutraction.
** for storing a pointer or pointer sutraction.
************************************************************************/
#ifdef _WIN64
typedef PRUint64 PRUptrdiff;
@ -430,7 +430,7 @@ typedef unsigned long PRUptrdiff;
** Use PRBool for variables and parameter types. Use PR_FALSE and PR_TRUE
** for clarity of target type in assignments and actual arguments. Use
** 'if (bool)', 'while (!bool)', '(bool) ? x : y' etc., to test booleans
** just as you would C int-valued conditions.
** just as you would C int-valued conditions.
************************************************************************/
typedef PRIntn PRBool;
#define PR_TRUE 1
@ -445,7 +445,7 @@ typedef PRIntn PRBool;
typedef PRUint8 PRPackedBool;
/*
** Status code used by some routines that have a single point of failure or
** Status code used by some routines that have a single point of failure or
** special status return.
*/
typedef enum { PR_FAILURE = -1, PR_SUCCESS = 0 } PRStatus;


@ -218,6 +218,20 @@ static PRBool _pr_ipv6_v6only_on_by_default;
#error "Cannot determine architecture"
#endif
#if defined(SOLARIS)
#ifndef PROTO_SDP
/* on solaris, SDP is a new type of protocol */
#define PROTO_SDP 257
#endif
#define _PR_HAVE_SDP
#elif defined(LINUX)
#ifndef AF_INET_SDP
/* on linux, SDP is a new type of address family */
#define AF_INET_SDP 27
#endif
#define _PR_HAVE_SDP
#endif /* LINUX */
static PRFileDesc *pt_SetMethods(
PRIntn osfd, PRDescType type, PRBool isAcceptedSocket, PRBool imported);
@ -3462,6 +3476,12 @@ PR_IMPLEMENT(PRFileDesc*) PR_Socket(PRInt32 domain, PRInt32 type, PRInt32 proto)
if (PF_INET != domain
&& PR_AF_INET6 != domain
#if defined(_PR_HAVE_SDP)
&& PR_AF_INET_SDP != domain
#if defined(SOLARIS)
&& PR_AF_INET6_SDP != domain
#endif /* SOLARIS */
#endif /* _PR_HAVE_SDP */
&& PF_UNIX != domain)
{
PR_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR, 0);
@ -3474,6 +3494,20 @@ PR_IMPLEMENT(PRFileDesc*) PR_Socket(PRInt32 domain, PRInt32 type, PRInt32 proto)
(void)PR_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR, 0);
return fd;
}
#if defined(_PR_HAVE_SDP)
#if defined(LINUX)
if (PR_AF_INET_SDP == domain)
domain = AF_INET_SDP;
#elif defined(SOLARIS)
if (PR_AF_INET_SDP == domain) {
domain = AF_INET;
proto = PROTO_SDP;
} else if(PR_AF_INET6_SDP == domain) {
domain = AF_INET6;
proto = PROTO_SDP;
}
#endif /* SOLARIS */
#endif /* _PR_HAVE_SDP */
#if defined(_PR_INET6_PROBE)
if (PR_AF_INET6 == domain)
domain = _pr_ipv6_is_present() ? AF_INET6 : AF_INET;
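Review bot: In the Solaris branch of the last hunk, PR_Socket replaces the caller's `proto` with PROTO_SDP without looking at what was passed, so a caller that combined PR_AF_INET_SDP or PR_AF_INET6_SDP with a specific protocol silently gets a different one. A comment above the branch would make that contract explicit, for example `/* Solaris selects SDP through the protocol argument; any caller-supplied proto is replaced */`. The fallback values `#define PROTO_SDP 257` and `#define AF_INET_SDP 27` in the first hunk apply only when the system headers do not define them, and a comment naming the header each one mirrors would make them easier to audit. As a style point, `} else if(PR_AF_INET6_SDP == domain) {` is missing the space after `if` that the rest of the hunk uses. PR_Socket's body starts and ends outside these hunks.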


@ -54,13 +54,15 @@ ifdef USE_64
CC += -arch x86_64
else
OS_REL_CFLAGS = -Di386
CC += -arch i386
endif
else
OS_REL_CFLAGS = -Dppc
CC += -arch ppc
endif
ifneq (,$(MACOS_SDK_DIR))
GCC_VERSION_FULL := $(shell $(CC) -v 2>&1 | grep "gcc version" | sed -e "s/^.*gcc version[ ]*//" | awk '{ print $$1 }')
GCC_VERSION_FULL := $(shell $(CC) -dumpversion)
GCC_VERSION_MAJOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$1 }')
GCC_VERSION_MINOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$2 }')
GCC_VERSION = $(GCC_VERSION_MAJOR).$(GCC_VERSION_MINOR)
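Review bot: The `GCC_VERSION_FULL := $(shell $(CC) -dumpversion)` line, which appears to be the new side, assumes the compiler prints at least `major.minor`. Some GCC builds print only the major number for `-dumpversion`, in which case `awk -F. '{ print $$2 }'` yields an empty GCC_VERSION_MINOR and GCC_VERSION ends in a bare dot. If later comparisons rely on the minor number (they are not visible in this hunk), a default after the assignment would keep them well-formed: `ifeq (,$(GCC_VERSION_MINOR))`, `GCC_VERSION_MINOR := 0`, `endif`.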


@ -43,5 +43,3 @@
#error "Do not include this header file."


@ -1,13 +0,0 @@
<html><head><script>
function FUZZ(s) {
try { eval(s); } catch (e) {}
}
function boom() {
FUZZ("window.crypto.generateCRMFRequest(1048574, 1048578, 256, '', 2)")
}
</script>
</head>
<body onload="boom()">
</body>
</html>


@ -1,3 +1,2 @@
asserts-if(browserIsRemote,1) load 327524-1.html # bug 582297
load 345094.html
asserts-if(browserIsRemote,1) load 398665-1.html # bug 582297


@ -81,6 +81,12 @@ struct nsMyTrustedEVInfo
};
static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
/*
* IMPORTANT! When extending this list,
* pairs of dotted_oid and oid_name should always be unique pairs.
* In other words, if you add another list, that uses the same dotted_oid
* as an existing entry, then please use the same oid_name.
*/
{
// CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
"2.16.840.1.114171.500.9",
@ -297,6 +303,18 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"AA==",
nsnull
},
{
// CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
"2.16.840.1.114413.1.7.23.3",
"Go Daddy EV OID a",
SEC_OID_UNKNOWN,
"47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B",
"MIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv"
"dHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdv"
"IERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzI=",
"AA==",
nsnull
},
{
// E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O=\"ValiCert, Inc.\",L=ValiCert Validation Network
"2.16.840.1.114413.1.7.23.3",
@ -335,6 +353,19 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"AA==",
nsnull
},
{
// CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
"2.16.840.1.114414.1.7.23.3",
"Go Daddy EV OID b",
SEC_OID_UNKNOWN,
"B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E",
"MIGPMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv"
"dHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEy"
"MDAGA1UEAxMpU3RhcmZpZWxkIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0g"
"RzI=",
"AA==",
nsnull
},
{
// CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
"2.16.840.1.114412.2.1",
@ -476,6 +507,84 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"YyUAAQACFI0zFQLkbPQ=",
nsnull
},
{
// CN=AffirmTrust Commercial,O=AffirmTrust,C=US
"1.3.6.1.4.1.34697.2.1",
"AffirmTrust EV OID a",
SEC_OID_UNKNOWN,
"F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7",
"MEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwW"
"QWZmaXJtVHJ1c3QgQ29tbWVyY2lhbA==",
"d3cGJyapsXw=",
nsnull
},
{
// CN=AffirmTrust Networking,O=AffirmTrust,C=US
"1.3.6.1.4.1.34697.2.2",
"AffirmTrust EV OID b",
SEC_OID_UNKNOWN,
"29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F",
"MEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwW"
"QWZmaXJtVHJ1c3QgTmV0d29ya2luZw==",
"fE8EORzUmS0=",
nsnull
},
{
// CN=AffirmTrust Premium,O=AffirmTrust,C=US
"1.3.6.1.4.1.34697.2.3",
"AffirmTrust EV OID c",
SEC_OID_UNKNOWN,
"D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27",
"MEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEcMBoGA1UEAwwT"
"QWZmaXJtVHJ1c3QgUHJlbWl1bQ==",
"bYwURrGmCu4=",
nsnull
},
{
// CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
"1.3.6.1.4.1.34697.2.4",
"AffirmTrust EV OID d",
SEC_OID_UNKNOWN,
"B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB",
"MEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwX"
"QWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0M=",
"dJclisc/elQ=",
nsnull
},
{
// CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
"1.2.616.1.113527.2.5.1.1",
"Certum EV OID",
SEC_OID_UNKNOWN,
"07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E",
"MH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBT"
"LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAg"
"BgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0E=",
"BETA",
nsnull
},
{
// CN=Izenpe.com,O=IZENPE S.A.,C=ES
"1.3.6.1.4.1.14777.6.1.1",
"Izenpe EV OID 1",
SEC_OID_UNKNOWN,
"2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19",
"MDgxCzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwK"
"SXplbnBlLmNvbQ==",
"ALC3WhZIX7/hy/WL1xnmfQ==",
nsnull
},
{
// CN=Izenpe.com,O=IZENPE S.A.,C=ES
"1.3.6.1.4.1.14777.6.1.2",
"Izenpe EV OID 2",
SEC_OID_UNKNOWN,
"2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19",
"MDgxCzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwK"
"SXplbnBlLmNvbQ==",
"ALC3WhZIX7/hy/WL1xnmfQ==",
nsnull
},
{
// OU=Sample Certification Authority,O=\"Sample, Inc.\",C=US
"0.0.0.0",
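Review bot: The rule in the new comment at the top of myTrustedEVInfos (same dotted_oid means same oid_name) is only a convention, and this commit already exercises it: the added Go Daddy G2 entry pairs `"2.16.840.1.114413.1.7.23.3"` with `"Go Daddy EV OID a"`, the same dotted_oid as the ValiCert entry that follows, whose oid_name line is outside the hunk and should be confirmed to match. Because a wrong row in this table changes which roots receive EV treatment, a debug-only pass over the array that asserts the rule would be more reliable than the comment alone. The Certum serial `"BETA"` reads like a leftover placeholder but decodes from base64 to the bytes 04 44 C0; after checking that against the root's serial, a trailing comment such as `// base64 of serial 04:44:C0` would keep it from being "corrected" later. The phrase "if you add another list" in the comment presumably means "another entry". The array continues outside these hunks.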


@ -3340,6 +3340,13 @@ cancel_and_failure(nsNSSSocketInfo* infoObject)
static SECStatus
nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
{
// cert was revoked, don't do anything else
// Calling cancel_and_failure is not necessary, and would be wrong,
// [for errors other than the ones explicitly handled below,]
// because it suppresses error reporting.
if (PR_GetError() == SEC_ERROR_REVOKED_CERTIFICATE)
return SECFailure;
nsNSSShutDownPreventionLock locker;
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo *)arg;
if (!infoObject)
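Review bot: The early return added at the top of nsNSSBadCertHandler depends on PR_GetError() still holding the certificate verification result when the callback is entered, and nothing in the hunk states that assumption. This check is presumably what keeps a revoked certificate away from the override handling further down, so I would read the code once into a local, `PRErrorCode err = PR_GetError();`, test `err == SEC_ERROR_REVOKED_CERTIFICATE`, and reuse `err` wherever the rest of the function needs the error. The comment is hard to parse, since the bracketed clause reads like an editing leftover; `// Revoked certificates are never overridable. Return SECFailure directly: cancel_and_failure would suppress error reporting.` says the same thing plainly. The function body continues outside the hunk.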


@ -1 +1 @@
NSS_3_12_9_RTM
NSS_3_12_10_BETA1


@ -37,7 +37,7 @@
/*
* Tool for converting builtin CA certs.
*
* $Id: addbuiltin.c,v 1.14 2007/02/14 00:35:52 alexei.volkov.bugs%sun.com Exp $
* $Id: addbuiltin.c,v 1.14.68.1 2011/03/23 20:07:57 kaie%kuix.de Exp $
*/
#include "nssrenam.h"
@ -77,6 +77,8 @@ char *getTrustString(unsigned int trust)
return "CKT_NETSCAPE_TRUSTED_DELEGATOR";
} else if (trust & CERTDB_VALID_CA) {
return "CKT_NETSCAPE_VALID_DELEGATOR";
} else if (trust & CERTDB_VALID_PEER) {
return "CKT_NETSCAPE_VALID";
} else {
return "CKT_NETSCAPE_TRUST_UNKNOWN";
}
@ -213,7 +215,7 @@ void printheader() {
"#\n"
"# ***** END LICENSE BLOCK *****\n"
"#\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.14 $ $Date: 2007/02/14 00:35:52 $\"\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.14.68.1 $ $Date: 2011/03/23 20:07:57 $\"\n"
"\n"
"#\n"
"# certdata.txt\n"
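Review bot: The `CERTDB_VALID_PEER` branch added to getTrustString is reached only when none of the earlier bit tests match, so a trust value carrying both `CERTDB_VALID_CA` and `CERTDB_VALID_PEER` is still written out as `CKT_NETSCAPE_VALID_DELEGATOR`. That precedence decides what ends up in the generated certdata.txt and deserves a comment above the chain, for example `/* flags are tested in priority order; the first match decides the emitted trust type */`. The start of the if/else chain is outside the hunk, so the order of the earlier tests should be checked before the comment is worded more specifically.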


@ -985,7 +985,7 @@ ListModules(void)
}
static void
Usage(char *progName)
PrintSyntax(char *progName)
{
#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
@ -1055,22 +1055,57 @@ Usage(char *progName)
exit(1);
}
static void LongUsage(char *progName)
{
enum usage_level {
usage_all = 0, usage_selected = 1
};
static void luCommonDetailsAE();
static void luA(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "A"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Add a certificate to the database (create if needed)\n",
"-A");
"-A");
if (ul == usage_selected && !is_my_command)
return;
if (ul == usage_all) {
FPS "%-20s\n", " All options under -E apply");
}
else {
luCommonDetailsAE();
}
}
static void luB(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "B"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Run a series of certutil commands from a batch file\n", "-B");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Specify the batch file\n", " -i batch-file");
}
static void luE(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "E"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Add an Email certificate to the database (create if needed)\n",
"-E");
"-E");
if (ul == usage_selected && !is_my_command)
return;
luCommonDetailsAE();
}
static void luCommonDetailsAE()
{
FPS "%-20s Specify the nickname of the certificate to add\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s Set the certificate trust attributes:\n",
" -t trustargs");
" -t trustargs");
FPS "%-25s trustargs is of the form x,y,z where x is for SSL, y is for S/MIME,\n", "");
FPS "%-25s and z is for code signing\n", "");
FPS "%-25s and z is for code signing. Use ,, for no explicit trust.\n", "");
FPS "%-25s p \t valid peer\n", "");
FPS "%-25s P \t trusted peer (implies p)\n", "");
FPS "%-25s c \t valid CA\n", "");
@ -1080,39 +1115,46 @@ static void LongUsage(char *progName)
FPS "%-25s w \t send warning\n", "");
FPS "%-25s g \t make step-up cert\n", "");
FPS "%-20s Specify the password file\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n",
" -a");
" -a");
FPS "%-20s Specify the certificate file (default is stdin)\n",
" -i input");
" -i input");
FPS "\n");
}
static void luC(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "C"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Create a new binary certificate from a BINARY cert request\n",
"-C");
"-C");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s The nickname of the issuer cert\n",
" -c issuer-name");
" -c issuer-name");
FPS "%-20s The BINARY certificate request file\n",
" -i cert-request ");
" -i cert-request ");
FPS "%-20s Output binary cert to this file (default is stdout)\n",
" -o output-cert");
" -o output-cert");
FPS "%-20s Self sign\n",
" -x");
" -x");
FPS "%-20s Cert serial number\n",
" -m serial-number");
" -m serial-number");
FPS "%-20s Time Warp\n",
" -w warp-months");
" -w warp-months");
FPS "%-20s Months valid (default is 3)\n",
" -v months-valid");
FPS "%-20s Specify the password file\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s \n"
"%-20s Create key usage extension. Possible keywords:\n"
"%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n"
@ -1120,11 +1162,11 @@ static void LongUsage(char *progName)
"%-20s \"crlSigning\", \"critical\"\n",
" -1 | --keyUsage keyword,keyword,...", "", "", "", "");
FPS "%-20s Create basic constraint extension\n",
" -2 ");
" -2 ");
FPS "%-20s Create authority key ID extension\n",
" -3 ");
" -3 ");
FPS "%-20s Create crl distribution point extension\n",
" -4 ");
" -4 ");
FPS "%-20s \n"
"%-20s Create netscape cert type extension. Possible keywords:\n"
"%-20s \"sslClient\", \"sslServer\", \"smime\", \"objectSigning\",\n"
@ -1135,41 +1177,48 @@ static void LongUsage(char *progName)
"%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n"
"%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
"%-20s \"stepUp\", \"critical\"\n",
" -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
" -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
FPS "%-20s Create an email subject alt name extension\n",
" -7 emailAddrs");
" -7 emailAddrs");
FPS "%-20s Create an dns subject alt name extension\n",
" -8 dnsNames");
" -8 dnsNames");
FPS "%-20s The input certificate request is encoded in ASCII (RFC1113)\n",
" -a");
" -a");
FPS "\n");
}
static void luG(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "G"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Generate a new key pair\n",
"-G");
"-G");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
" -h token-name");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
" -k key-type");
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
" -y exp");
" -y exp");
FPS "%-20s Specify the password file\n",
" -f password-file");
FPS "%-20s Specify the noise file to be used\n",
" -z noisefile");
" -z noisefile");
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
" -q pqgfile");
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
" -q curve-name");
FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
#ifdef NSS_ECC_MORE_THAN_SUITE_B
FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
@ -1192,167 +1241,239 @@ static void LongUsage(char *progName)
#endif /* NSS_ECC_MORE_THAN_SUITE_B */
#endif
FPS "%-20s Key database directory (default is ~/.netscape)\n",
" -d keydir");
" -d keydir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "\n");
}
static void luD(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "D"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Delete a certificate from the database\n",
"-D");
"-D");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s The nickname of the cert to delete\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "\n");
}
static void luU(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "U"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/
"-U");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Module database directory (default is '~/.netscape')\n",
" -d moddir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
" -X");
FPS "\n");
}
static void luK(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "K"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s List all private keys\n",
"-K");
FPS "%-20s Name of token to search (\"all\" for all tokens)\n",
" -h token-name ");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Name of token to search (\"all\" for all tokens)\n",
" -h token-name ");
FPS "%-20s Key type (\"all\" (default), \"dsa\","
#ifdef NSS_ENABLE_ECC
" \"ec\","
#endif
" \"rsa\")\n",
" -k key-type");
" \"rsa\")\n",
" -k key-type");
FPS "%-20s The nickname of the key or associated certificate\n",
" -n name");
" -n name");
FPS "%-20s Specify the password file\n",
" -f password-file");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
" -d keydir");
" -d keydir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
" -X");
FPS "\n");
}
static void luL(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "L"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s List all certs, or print out a single named cert\n",
"-L");
"-L");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Pretty print named cert (list all if unspecified)\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s \n"
"%-20s Pretty print cert with email address (list all if unspecified)\n",
" --email email-address", "");
" --email email-address", "");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
" -X");
FPS "%-20s For single cert, print binary DER encoding\n",
" -r");
" -r");
FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n",
" -a");
" -a");
FPS "\n");
}
static void luM(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "M"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Modify trust attributes of certificate\n",
"-M");
"-M");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s The nickname of the cert to modify\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
" -t trustargs");
" -t trustargs");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "\n");
}
static void luN(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "N"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Create a new certificate database\n",
"-N");
"-N");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "\n");
}
static void luT(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "T"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Reset the Key database or token\n",
"-T");
"-T");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s Token to reset (default is internal)\n",
" -h token-name");
" -h token-name");
FPS "%-20s Set token's Site Security Officer password\n",
" -0 SSO-password");
" -0 SSO-password");
FPS "\n");
}
FPS "\n");
static void luO(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "O"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Print the chain of a certificate\n",
"-O");
"-O");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s The nickname of the cert to modify\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n",
" -a");
" -a");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
" -X");
FPS "\n");
}
static void luR(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "R"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Generate a certificate request (stdout)\n",
"-R");
"-R");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Specify the subject name (using RFC1485)\n",
" -s subject");
" -s subject");
FPS "%-20s Output the cert request to this file\n",
" -o output-req");
" -o output-req");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
" -k key-type-or-id");
" -k key-type-or-id");
FPS "%-20s or nickname of the cert key to use \n",
"");
"");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
"");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Specify the password file\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
" -d keydir");
" -d keydir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
" -p phone");
" -p phone");
FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n",
" -a");
" -a");
FPS "%-20s \n",
" See -S for available extension options");
" See -S for available extension options");
FPS "\n");
}
static void luV(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "V"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Validate a certificate\n",
"-V");
"-V");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s The nickname of the cert to Validate\n",
" -n cert-name");
" -n cert-name");
FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
" -b time");
" -b time");
FPS "%-20s Check certificate signature \n",
" -e ");
" -e ");
FPS "%-20s Specify certificate usage:\n", " -u certusage");
FPS "%-25s C \t SSL Client\n", "");
FPS "%-25s V \t SSL Server\n", "");
@ -1361,140 +1482,205 @@ static void LongUsage(char *progName)
FPS "%-25s O \t OCSP status responder\n", "");
FPS "%-25s J \t Object signer\n", "");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n",
" -a");
" -a");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
" -X");
FPS "\n");
}
static void luW(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "W"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Change the key database password\n",
"-W");
"-W");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s cert and key database directory\n",
" -d certdir");
" -d certdir");
FPS "%-20s Specify a file with the current password\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s Specify a file with the new password in two lines\n",
" -@ newpwfile");
" -@ newpwfile");
FPS "\n");
}
static void luUpgradeMerge(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "upgrade-merge"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Upgrade an old database and merge it into a new one\n",
"--upgrade-merge");
"--upgrade-merge");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Cert database directory to merge into (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix of the target database\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s Specify the password file for the target database\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s \n%-20s Cert database directory to upgrade from\n",
" --source-dir certdir", "");
" --source-dir certdir", "");
FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n",
" --soruce-prefix dbprefix", "");
" --soruce-prefix dbprefix", "");
FPS "%-20s \n%-20s Unique identifier for the upgrade database\n",
" --upgrade-id uniqueID", "");
" --upgrade-id uniqueID", "");
FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n",
" --upgrade-token-name name", "");
" --upgrade-token-name name", "");
FPS "%-20s Specify the password file for the upgrade database\n",
" -@ pwfile");
" -@ pwfile");
FPS "\n");
}
static void luMerge(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "merge"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Merge source database into the target database\n",
"--merge");
"--merge");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Cert database directory of target (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix of the target database\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s Specify the password file for the target database\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s \n%-20s Cert database directory of the source database\n",
" --source-dir certdir", "");
" --source-dir certdir", "");
FPS "%-20s \n%-20s Cert & Key database prefix of the source database\n",
" --source-prefix dbprefix", "");
" --source-prefix dbprefix", "");
FPS "%-20s Specify the password file for the source database\n",
" -@ pwfile");
" -@ pwfile");
FPS "\n");
}
static void luS(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "S"));
if (ul == usage_all || !command || is_my_command)
FPS "%-15s Make a certificate and add to database\n",
"-S");
if (ul == usage_selected && !is_my_command)
return;
FPS "%-20s Specify the nickname of the cert\n",
" -n key-name");
FPS "%-20s Specify the subject name (using RFC1485)\n",
" -s subject");
FPS "%-20s The nickname of the issuer cert\n",
" -c issuer-name");
" -c issuer-name");
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
" -t trustargs");
" -t trustargs");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
" -k key-type-or-id");
" -k key-type-or-id");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
"");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Self sign\n",
" -x");
" -x");
FPS "%-20s Cert serial number\n",
" -m serial-number");
" -m serial-number");
FPS "%-20s Time Warp\n",
" -w warp-months");
" -w warp-months");
FPS "%-20s Months valid (default is 3)\n",
" -v months-valid");
FPS "%-20s Specify the password file\n",
" -f pwfile");
" -f pwfile");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
" -d certdir");
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
" -P dbprefix");
FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
" -p phone");
" -p phone");
FPS "%-20s Create key usage extension\n",
" -1 ");
" -1 ");
FPS "%-20s Create basic constraint extension\n",
" -2 ");
" -2 ");
FPS "%-20s Create authority key ID extension\n",
" -3 ");
" -3 ");
FPS "%-20s Create crl distribution point extension\n",
" -4 ");
" -4 ");
FPS "%-20s Create netscape cert type extension\n",
" -5 ");
" -5 ");
FPS "%-20s Create extended key usage extension\n",
" -6 ");
" -6 ");
FPS "%-20s Create an email subject alt name extension\n",
" -7 emailAddrs ");
" -7 emailAddrs ");
FPS "%-20s Create a DNS subject alt name extension\n",
" -8 DNS-names");
" -8 DNS-names");
FPS "%-20s Create an Authority Information Access extension\n",
" --extAIA ");
" --extAIA ");
FPS "%-20s Create a Subject Information Access extension\n",
" --extSIA ");
" --extSIA ");
FPS "%-20s Create a Certificate Policies extension\n",
" --extCP ");
" --extCP ");
FPS "%-20s Create a Policy Mappings extension\n",
" --extPM ");
" --extPM ");
FPS "%-20s Create a Policy Constraints extension\n",
" --extPC ");
" --extPC ");
FPS "%-20s Create an Inhibit Any Policy extension\n",
" --extIA ");
" --extIA ");
FPS "%-20s Create a subject key ID extension\n",
" --extSKID ");
" --extSKID ");
FPS "\n");
}
exit(1);
static void LongUsage(char *progName, enum usage_level ul, const char *command)
{
luA(ul, command);
luB(ul, command);
luE(ul, command);
luC(ul, command);
luG(ul, command);
luD(ul, command);
luU(ul, command);
luK(ul, command);
luL(ul, command);
luM(ul, command);
luN(ul, command);
luT(ul, command);
luO(ul, command);
luR(ul, command);
luV(ul, command);
luW(ul, command);
luUpgradeMerge(ul, command);
luMerge(ul, command);
luS(ul, command);
#undef FPS
}
static void
Usage(char *progName)
{
PR_fprintf(PR_STDERR,
"%s - Utility to manipulate NSS certificate databases\n\n"
"Usage: %s <command> -d <database-directory> <options>\n\n"
"Valid commands:\n", progName, progName);
LongUsage(progName, usage_selected, NULL);
PR_fprintf(PR_STDERR, "\n"
"%s -H <command> : Print available options for the given command\n"
"%s -H : Print complete help output of all commands and options\n"
"%s --syntax : Print a short summary of all commands and options\n",
progName, progName, progName);
exit(1);
}
static CERTCertificate *
MakeV1Cert( CERTCertDBHandle * handle,
@ -1829,6 +2015,7 @@ enum {
cmd_DeleteKey,
cmd_GenKeyPair,
cmd_PrintHelp,
cmd_PrintSyntax,
cmd_ListKeys,
cmd_ListCerts,
cmd_ModifyCertTrust,
@ -1843,7 +2030,8 @@ enum {
cmd_Version,
cmd_Batch,
cmd_Merge,
cmd_UpgradeMerge /* test only */
cmd_UpgradeMerge, /* test only */
max_cmd
};
/* Certutil options */
@ -1901,7 +2089,8 @@ enum certutilOpts {
opt_SourceDir,
opt_SourcePrefix,
opt_UpgradeID,
opt_UpgradeTokenName
opt_UpgradeTokenName,
opt_Help
};
static const
@ -1913,7 +2102,9 @@ secuCommandFlag commands_init[] =
{ /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE },
{ /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE },
{ /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE },
{ /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
{ /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE, "help" },
{ /* cmd_PrintSyntax */ 0, PR_FALSE, 0, PR_FALSE,
"syntax" },
{ /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE },
{ /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE },
{ /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE },
@ -2063,8 +2254,32 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (rv != SECSuccess)
Usage(progName);
if (certutil.commands[cmd_PrintHelp].activated)
LongUsage(progName);
if (certutil.commands[cmd_PrintSyntax].activated) {
PrintSyntax(progName);
}
if (certutil.commands[cmd_PrintHelp].activated) {
int i;
char buf[2];
const char *command = NULL;
for (i = 0; i < max_cmd; i++) {
if (i == cmd_PrintHelp)
continue;
if (certutil.commands[i].activated) {
if (certutil.commands[i].flag) {
buf[0] = certutil.commands[i].flag;
buf[1] = 0;
command = buf;
}
else {
command = certutil.commands[i].longform;
}
break;
}
}
LongUsage(progName, (command ? usage_selected : usage_all), command);
exit(1);
}
if (certutil.options[opt_PasswordFile].arg) {
pwdata.source = PW_FROMFILE;
@ -2247,7 +2462,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
return 255;
}
if (commandsEntered == 0) {
PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
Usage(progName);
}


@ -981,7 +981,7 @@ SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level)
}
static void
secu_PrintRawString(FILE *out, SECItem *si, char *m, int level)
secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level)
{
int column;
unsigned int i;
@ -2094,23 +2094,25 @@ secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
CRLDistributionPoint ** pPoints = dPoints->distPoints;
CRLDistributionPoint * pPoint;
while (NULL != (pPoint = *pPoints++)) {
SECU_Indent(out, level); fputs("Distribution point:\n", out);
if (pPoint->distPointType == generalName &&
pPoint->distPoint.fullName != NULL) {
secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
level);
level + 1);
} else if (pPoint->distPointType == relativeDistinguishedName &&
pPoint->distPoint.relativeName.avas) {
SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
level);
level + 1);
} else if (pPoint->derDistPoint.data) {
SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level);
SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
}
if (pPoint->reasons.data) {
secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
level);
level + 1);
}
if (pPoint->crlIssuer) {
secu_PrintGeneralName(out, pPoint->crlIssuer, "Issuer", level);
secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
level + 1);
}
}
} else {
@ -2332,7 +2334,7 @@ SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
* print those, so make a directory name out of the RDN, and print it.
*/
void
SECU_PrintRDN(FILE *out, CERTRDN *rdn, char *msg, int level)
SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level)
{
CERTName name;
CERTRDN *rdns[2];
@ -2345,7 +2347,7 @@ SECU_PrintRDN(FILE *out, CERTRDN *rdn, char *msg, int level)
}
void
SECU_PrintName(FILE *out, CERTName *name, char *msg, int level)
SECU_PrintName(FILE *out, CERTName *name, const char *msg, int level)
{
char *nameStr = NULL;
char *str;


@ -309,8 +309,9 @@ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
char *msg, int level);
extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, char *msg, int level);
extern void SECU_PrintName(FILE *out, CERTName *name, const char *msg,
int level);
extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level);
#ifdef SECU_GetPassword
/* Convert a High public Key to a Low public Key */


@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port)
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
PRUint16 socketDomain = PR_AF_INET;
addr.inet.family = PR_AF_INET;
addr.inet.ip = PR_INADDR_ANY;
addr.inet.port = PR_htons(port);
listen_sock = PR_NewTCPSocket();
if (PR_GetEnv("NSS_USE_SDP")) {
socketDomain = PR_AF_INET_SDP;
}
listen_sock = PR_OpenTCPSocket(socketDomain);
if (listen_sock == NULL) {
errExit("PR_NewTCPSocket");
errExit("PR_OpenTCPSocket error");
}
opt.option = PR_SockOpt_Nonblocking;
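Review bot: The `PR_GetEnv("NSS_USE_SDP")` test in getBoundListenSocket only checks that the variable exists, so `NSS_USE_SDP=0` still switches the listener to `PR_AF_INET_SDP`. The same presence-only test is repeated in the client_main hunk and in the later main() hunk that declares `PRUint16 socketDomain`. A comment at each site, such as `/* any value of NSS_USE_SDP, even "0", selects SDP */`, would make that explicit; alternatively compare the value before changing the socket domain. getBoundListenSocket's body continues outside the hunk.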


@ -46,7 +46,7 @@
* compute the checksum for the NSS cryptographic boundary libraries
* and compare the checksum with the value in .chk file.
*
* $Id: shlibsign.c,v 1.18 2008/11/20 15:44:12 glen.beasley%sun.com Exp $
* $Id: shlibsign.c,v 1.18.20.1 2011/04/08 04:04:27 wtc%google.com Exp $
*/
#ifdef XP_UNIX
@ -1012,7 +1012,7 @@ int main(int argc, char **argv)
}
/* open the target signature file */
fd = PR_OpenFile(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0666);
fd = PR_Open(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0666);
if (fd == NULL ) {
lperror(output_file);
goto cleanup;
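Review bot: The signature file is still created with mode `0666` in the new `PR_Open` call, so on Unix its final permissions depend entirely on the caller's umask. The file header says this .chk value is what the library checksum is compared against, so a group- or world-writable result weakens that check. Consider `fd = PR_Open(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0644);`. main() starts and ends outside the hunk.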


@ -360,7 +360,7 @@ printSecurityInfo(PRFileDesc *fd)
#define MAX_THREADS 128
typedef int startFn(void *a, void *b, int c);
typedef int startFn(void *a, void *b, int c, int d);
static PRInt32 numConnected;
@ -374,6 +374,7 @@ typedef struct perThreadStr {
startFn * startFunc;
PRThread * prThread;
PRBool inUse;
PRInt32 socketDomain;
} perThread;
perThread threads[MAX_THREADS];
@ -429,7 +430,8 @@ thread_wrapper(void * arg)
}
PR_Unlock(threadLock);
if (doop) {
slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->tid);
slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->tid,
slot->socketDomain);
PRINTF("strsclnt: Thread in slot %d returned %d\n",
slot->tid, slot->rv);
}
@ -444,7 +446,8 @@ launch_thread(
startFn * startFunc,
void * a,
void * b,
int tid)
int tid,
int sockDom)
{
PRUint32 i;
perThread * slot;
@ -462,7 +465,8 @@ launch_thread(
slot->a = a;
slot->b = b;
slot->tid = tid;
slot->socketDomain = sockDom;
slot->startFunc = startFunc;
slot->prThread = PR_CreateThread(PR_USER_THREAD,
@ -585,7 +589,8 @@ int
do_writes(
void * a,
void * b,
int c)
int c,
int d)
{
PRFileDesc * ssl_sock = (PRFileDesc *)a;
lockedVars * lv = (lockedVars *)b;
@ -627,7 +632,7 @@ handle_fdx_connection( PRFileDesc * ssl_sock, int connection)
lockedVars_AddToCount(&lv, 1);
/* Attempt to launch the writer thread. */
result = launch_thread(do_writes, ssl_sock, &lv, connection);
result = launch_thread(do_writes, ssl_sock, &lv, connection, -1 /*not used*/);
if (result != SECSuccess)
goto cleanup;
@ -746,7 +751,8 @@ int
do_connects(
void * a,
void * b,
int tid)
int tid,
PRInt32 socketDomain)
{
PRNetAddr * addr = (PRNetAddr *) a;
PRFileDesc * model_sock = (PRFileDesc *) b;
@ -760,7 +766,7 @@ do_connects(
retry:
tcp_sock = PR_OpenTCPSocket(addr->raw.family);
tcp_sock = PR_OpenTCPSocket(socketDomain);
if (tcp_sock == NULL) {
errExit("PR_OpenTCPSocket");
}
@ -1088,6 +1094,7 @@ client_main(
int rv;
PRStatus status;
PRNetAddr addr;
PRInt32 socketDomain;
status = PR_StringToNetAddr(hostName, &addr);
if (status == PR_SUCCESS) {
@ -1115,6 +1122,13 @@ client_main(
}
}
/* check if SDP is going to be used */
if (!PR_GetEnv("NSS_USE_SDP")) {
socketDomain = addr.raw.family;
} else {
socketDomain = PR_AF_INET_SDP;
}
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
NSS_SetDomesticPolicy();
@ -1171,8 +1185,8 @@ client_main(
}
/* configure model SSL socket. */
model_sock = PR_OpenTCPSocket(addr.raw.family);
model_sock = PR_OpenTCPSocket(socketDomain);
if (model_sock == NULL) {
errExit("PR_OpenTCPSocket for model socket");
}
@ -1276,7 +1290,7 @@ client_main(
if (!NoReuse) {
remaining_connections = 1;
rv = launch_thread(do_connects, &addr, model_sock, 0);
rv = launch_thread(do_connects, &addr, model_sock, 0, socketDomain);
/* wait for the first connection to terminate, then launch the rest. */
reap_threads();
remaining_connections = total_connections - 1 ;
@ -1285,7 +1299,7 @@ client_main(
active_threads = PR_MIN(active_threads, remaining_connections);
/* Start up the threads */
for (i=0;i<active_threads;i++) {
rv = launch_thread(do_connects, &addr, model_sock, i);
rv = launch_thread(do_connects, &addr, model_sock, i, socketDomain);
}
reap_threads();
}
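Review bot: `startFn` is now `int startFn(void *a, void *b, int c, int d)`, but `do_connects` declares its fourth parameter as `PRInt32 socketDomain`, `perThread.socketDomain` is `PRInt32`, and `launch_thread` takes `int sockDom`. These agree only where PRInt32 is a typedef of int; elsewhere passing `do_connects` as a `startFn *` would mean calling through an incompatible function type. Using one type throughout, for example `int socketDomain)` in do_connects, keeps the signatures identical. The unused `int d` in do_writes would also benefit from a comment like `/* unused; present to match startFn */`. Several of these functions continue outside their hunks.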


@ -538,6 +538,7 @@ int main(int argc, char **argv)
PLOptState *optstate;
PLOptStatus optstatus;
PRStatus prStatus;
PRUint16 socketDomain;
progName = strrchr(argv[0], '/');
if (!progName)
@ -699,11 +700,17 @@ int main(int argc, char **argv)
printHostNameAndAddr(host, &addr);
/* check if SDP is going to be used */
if (!PR_GetEnv("NSS_USE_SDP")) {
socketDomain = addr.raw.family;
} else {
socketDomain = PR_AF_INET_SDP;
}
if (pingServerFirst) {
int iter = 0;
PRErrorCode err;
do {
s = PR_OpenTCPSocket(addr.raw.family);
s = PR_OpenTCPSocket(socketDomain);
if (s == NULL) {
SECU_PrintError(progName, "Failed to create a TCP socket");
}
@ -741,7 +748,7 @@ int main(int argc, char **argv)
}
/* Create socket */
s = PR_OpenTCPSocket(addr.raw.family);
s = PR_OpenTCPSocket(socketDomain);
if (s == NULL) {
SECU_PrintError(progName, "error creating socket");
return 1;


@ -37,7 +37,7 @@
/*
* cert.h - public data structures and prototypes for the certificate library
*
* $Id: cert.h,v 1.80.2.1 2010/09/24 13:31:57 kaie%kuix.de Exp $
* $Id: cert.h,v 1.80.2.3 2011/04/08 22:54:34 kaie%kuix.de Exp $
*/
#ifndef _CERT_H_
@ -1112,7 +1112,7 @@ extern CERTCertificateList *
CERT_CertListFromCert(CERTCertificate *cert);
extern CERTCertificateList *
CERT_DupCertList(CERTCertificateList * oldList);
CERT_DupCertList(const CERTCertificateList * oldList);
extern void CERT_DestroyCertificateList(CERTCertificateList *list);
@ -1665,26 +1665,33 @@ extern SECStatus CERT_PKIXVerifyCert(
CERTValInParam *paramsIn,
CERTValOutParam *paramsOut,
void *wincx);
/*
* This function changes the application defaults for the Verify function.
* It should be called once at app initialization time, and only changes
* if the default configuration changes.
*
* This changes the default values for the parameters specified. These
* defaults can be overridden in CERT_PKIXVerifyCert() by explicitly
* setting the value in paramsIn.
*/
extern SECStatus CERT_PKIXSetDefaults(CERTValInParam *paramsIn);
/* Makes old cert validation APIs(CERT_VerifyCert, CERT_VerifyCertificate)
* to use libpkix validation engine. The function should be called ones at
* application initialization time.
* Function is not thread safe.*/
SECStatus CERT_SetUsePKIXForValidation(PRBool enable);
extern SECStatus CERT_SetUsePKIXForValidation(PRBool enable);
/* The function return PR_TRUE if cert validation should use
* libpkix cert validation engine. */
PRBool CERT_GetUsePKIXForValidation(void);
extern PRBool CERT_GetUsePKIXForValidation(void);
/*
* Allocate a parameter container of type CERTRevocationFlags,
* and allocate the inner arrays of the given sizes.
* To cleanup call CERT_DestroyCERTRevocationFlags.
*/
extern CERTRevocationFlags *
CERT_AllocCERTRevocationFlags(
PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods);
/*
* Destroy the arrays inside flags,
* and destroy the object pointed to by flags, too.
*/
extern void
CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
SEC_END_PROTOS


@ -37,6 +37,7 @@
#include "prtime.h"
#include "cert.h"
#include "certi.h"
#include "certdb.h"
#include "secitem.h"
#include "secder.h"
@ -86,12 +87,26 @@ SEC_DeletePermCertificate(CERTCertificate *cert)
PRStatus nssrv;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
NSSCertificate *c = STAN_GetNSSCertificate(cert);
CERTCertTrust *certTrust;
if (c == NULL) {
/* error code is set */
return SECFailure;
}
certTrust = nssTrust_GetCERTCertTrustForCert(c, cert);
if (certTrust) {
NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
if (nssTrust) {
nssrv = STAN_DeleteCertTrustMatchingSlot(c);
if (nssrv != PR_SUCCESS) {
CERT_MapStanError();
}
/* This call always returns PR_SUCCESS! */
(void) nssTrust_Destroy(nssTrust);
}
}
/* get rid of the token instances */
nssrv = NSSCertificate_DeleteStoredObject(c, NULL);
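Review bot: A failure of `STAN_DeleteCertTrustMatchingSlot(c)` is mapped with `CERT_MapStanError()` and then dropped, because `nssrv` is overwritten by `NSSCertificate_DeleteStoredObject(c, NULL)` right after. If the return value is derived from `nssrv` (the end of SEC_DeletePermCertificate is outside the hunk), a caller would see success while the trust record for the deleted certificate may still be on the token. Consider keeping the first result in its own variable, e.g. `PRStatus trustrv = STAN_DeleteCertTrustMatchingSlot(c);`, and returning SECFailure when either step fails.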


@ -1176,7 +1176,7 @@ loser:
}
CERTCertificateList *
CERT_DupCertList(CERTCertificateList * oldList)
CERT_DupCertList(const CERTCertificateList * oldList)
{
CERTCertificateList *newList = NULL;
PRArenaPool *arena = NULL;


@ -1986,6 +1986,63 @@ CERT_GetPKIXVerifyNistRevocationPolicy()
return &certRev_PKIX_Verify_Nist_Policy;
}
CERTRevocationFlags *
CERT_AllocCERTRevocationFlags(
PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods)
{
CERTRevocationFlags *flags;
flags = PORT_New(CERTRevocationFlags);
if (!flags)
return(NULL);
flags->leafTests.number_of_defined_methods = number_leaf_methods;
flags->leafTests.cert_rev_flags_per_method =
PORT_NewArray(PRUint64, number_leaf_methods);
flags->leafTests.number_of_preferred_methods = number_leaf_pref_methods;
flags->leafTests.preferred_methods =
PORT_NewArray(CERTRevocationMethodIndex, number_leaf_pref_methods);
flags->chainTests.number_of_defined_methods = number_chain_methods;
flags->chainTests.cert_rev_flags_per_method =
PORT_NewArray(PRUint64, number_chain_methods);
flags->chainTests.number_of_preferred_methods = number_chain_pref_methods;
flags->chainTests.preferred_methods =
PORT_NewArray(CERTRevocationMethodIndex, number_chain_pref_methods);
if (!flags->leafTests.cert_rev_flags_per_method
|| !flags->leafTests.preferred_methods
|| !flags->chainTests.cert_rev_flags_per_method
|| !flags->chainTests.preferred_methods) {
CERT_DestroyCERTRevocationFlags(flags);
return (NULL);
}
return flags;
}
void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
{
if (!flags)
return;
if (flags->leafTests.cert_rev_flags_per_method)
PORT_Free(flags->leafTests.cert_rev_flags_per_method);
if (flags->leafTests.preferred_methods)
PORT_Free(flags->leafTests.preferred_methods);
if (flags->chainTests.cert_rev_flags_per_method)
PORT_Free(flags->chainTests.cert_rev_flags_per_method);
if (flags->chainTests.preferred_methods)
PORT_Free(flags->chainTests.preferred_methods);
PORT_Free(flags);
}
/*
* CERT_PKIXVerifyCert
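Review bot: CERT_AllocCERTRevocationFlags allocates the struct with `PORT_New` and the four arrays with `PORT_NewArray`, neither of which appears to zero memory, so `cert_rev_flags_per_method` and `preferred_methods` hold indeterminate values until the caller writes every element. For revocation settings a forgotten slot should mean "no flags set" rather than leftover heap contents; `PORT_ZNewArray(PRUint64, number_leaf_methods)` (and likewise for the other three arrays) gives that default. The counts are also multiplied by the element size without a range check, which deserves a guard if they can ever come from outside the application.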

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -77,8 +77,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 81
#define NSS_BUILTINS_LIBRARY_VERSION "1.81"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 83
#define NSS_BUILTINS_LIBRARY_VERSION "1.83"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1


@ -460,7 +460,7 @@ done:
* - If the cert does not have PQG parameters, obtain them from the issuer.
* - A valid cert chain cannot have a DSA or Fortezza cert without
* pqg parameters that has a parent that is not a DSA or Fortezza cert.
* - pqg paramters are stored in two different formats: the standard
* - pqg parameters are stored in two different formats: the standard
* DER encoded format and the fortezza-only wrapped format. The params
* should be copied from issuer to subject cert without modifying the
* formats. The public key extraction code will deal with the different
@ -1000,6 +1000,15 @@ seckey_GetKeyType (SECOidTag tag) {
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
keyType = ecKey;
break;
/* accommodate applications that hand us a signature type when they
* should be handing us a cipher type */
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
keyType = rsaKey;
break;
default:
keyType = nullKey;
}
@ -1187,7 +1196,7 @@ CERT_ExtractPublicKey(CERTCertificate *cert)
/*
* Get the public key for the fortezza KMID. NOTE this requires the
* PQG paramters to be set. We probably should have a fortezza call that
* PQG parameters to be set. We probably should have a fortezza call that
* just extracts the kmid for us directly so this function can work
* without having the whole cert chain
*/
@ -2225,7 +2234,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
PORT_Memset((char *)pvk, 0, sizeof(pvk));
PORT_Memset((char *)pvk, 0, sizeof(*pvk));
if(freeit == PR_TRUE) {
PORT_Free(pvk);
}
@ -2255,7 +2264,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
} else {
SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
PORT_Memset((char *)epki, 0, sizeof(epki));
PORT_Memset((char *)epki, 0, sizeof(*epki));
if(freeit == PR_TRUE) {
PORT_Free(epki);
}
@ -2325,19 +2334,24 @@ SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type)
SECKEYPublicKey *pubk = NULL;
SECStatus rv = SECFailure;
SECItem newDerKey;
PRArenaPool *arena = NULL;
if (!derKey) {
return NULL;
}
pubk = PORT_ZNew(SECKEYPublicKey);
if(pubk == NULL) {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto finish;
}
pubk->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (NULL == pubk->arena) {
pubk = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (pubk == NULL) {
goto finish;
}
pubk->arena = arena;
rv = SECITEM_CopyItem(pubk->arena, &newDerKey, derKey);
if (SECSuccess != rv) {
goto finish;
@ -2368,11 +2382,10 @@ SECKEY_ImportDERPublicKey(SECItem *derKey, CK_KEY_TYPE type)
}
finish:
if( rv != SECSuccess && pubk != NULL) {
if (pubk->arena) {
PORT_FreeArena(pubk->arena, PR_TRUE);
if (rv != SECSuccess) {
if (arena != NULL) {
PORT_FreeArena(arena, PR_TRUE);
}
PORT_Free(pubk);
pubk = NULL;
}
return pubk;
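Review bot: SECKEY_ImportDERPublicKey now returns a `pubk` that lives inside its own arena (`PORT_ArenaZNew(arena, SECKEYPublicKey)`), so it must no longer be released with `PORT_Free`, and nothing in the hunk documents that. The callers are not visible here, so any that free the key directly would need checking. I would add above the function: `/* The returned key is allocated from its own arena; release it only with SECKEY_DestroyPublicKey(). */`. The middle of the function lies between the two hunks and is not shown.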


@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapit.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
/* $Id: blapit.h,v 1.22.22.1 2011/03/16 18:49:45 alexei.volkov.bugs%sun.com Exp $ */
#ifndef _BLAPIT_H_
#define _BLAPIT_H_
@ -115,6 +115,10 @@
#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
#define AES_BLOCK_SIZE 16 /* bytes */
#define AES_128_KEY_LENGTH 16 /* bytes */
#define AES_192_KEY_LENGTH 24 /* bytes */
#define AES_256_KEY_LENGTH 32 /* bytes */
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
#define SEED_BLOCK_SIZE 16 /* bytes */


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: mpi-config.h,v 1.5 2004/04/25 15:03:10 gerv%gerv.net Exp $ */
/* $Id: mpi-config.h,v 1.5.198.1 2011/04/07 22:31:40 wtc%google.com Exp $ */
#ifndef MPI_CONFIG_H_
#define MPI_CONFIG_H_
@ -100,7 +100,7 @@
#endif
#ifndef MP_MACRO
#define MP_MACRO 0 /* use macros for frequent calls? */
#define MP_MACRO 1 /* use macros for frequent calls? */
#endif
#ifndef MP_SQUARE


@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: mpi.c,v 1.47 2010/05/02 22:36:41 nelson%bolyard.com Exp $ */
/* $Id: mpi.c,v 1.47.2.1 2011/04/07 22:31:40 wtc%google.com Exp $ */
#include "mpi-priv.h"
#if defined(OSF1)
@ -206,7 +206,6 @@ mp_err mp_copy(const mp_int *from, mp_int *to)
if(from == to)
return MP_OKAY;
++mp_copies;
{ /* copy */
mp_digit *tmp;
@ -2864,6 +2863,7 @@ void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
#else
memcpy(dp, sp, count * sizeof(mp_digit));
#endif
++mp_copies;
} /* end s_mp_copy() */
#endif


@ -202,7 +202,7 @@
movq %r9, %rax
ret
.size s_mpv_mul_set_vec64, [.-s_mpv_mul_set_vec64]
.size s_mpv_mul_set_vec64, .-s_mpv_mul_set_vec64
# ------------------------------------------------------------------------
#
@ -415,7 +415,7 @@
movq %r9, %rax
ret
.size s_mpv_mul_add_vec64, [.-s_mpv_mul_add_vec64]
.size s_mpv_mul_add_vec64, .-s_mpv_mul_add_vec64
# Magic indicating no need for an executable stack
.section .note.GNU-stack, "", @progbits


@ -202,7 +202,7 @@
movq %r9, %rax
ret
.size s_mpv_mul_set_vec64, [.-s_mpv_mul_set_vec64]
.size s_mpv_mul_set_vec64, .-s_mpv_mul_set_vec64
/ ------------------------------------------------------------------------
/
@ -415,4 +415,4 @@
movq %r9, %rax
ret
.size s_mpv_mul_add_vec64, [.-s_mpv_mul_add_vec64]
.size s_mpv_mul_add_vec64, .-s_mpv_mul_add_vec64


@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nsslowhash.c,v 1.4 2009/06/09 23:34:06 rrelyea%redhat.com Exp $ */
/* $Id: nsslowhash.c,v 1.4.8.1 2011/01/20 18:41:51 emaldona%redhat.com Exp $ */
#include "stubs.h"
#include "prtypes.h"
@ -275,7 +275,7 @@ static int nsslow_GetFIPSEnabled(void) {
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f)
return 1;
return 0;
size = fread(&d, 1, 1, f);
fclose(f);
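Review bot: With `return 0` on a failed `fopen`, nsslow_GetFIPSEnabled reports FIPS as disabled for every kind of open failure, not only when the kernel lacks `/proc/sys/crypto/fips_enabled`. A permission error, descriptor exhaustion or a restricted /proc would then skip FIPS behaviour on a host that is in FIPS mode. Consider treating only a missing file as non-FIPS, e.g. `if (!f) return (errno == ENOENT) ? 0 : 1;` (this needs `<errno.h>`, and whether the file's stub layer provides it is not visible here). The rest of the function is outside the hunk.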


@ -37,7 +37,7 @@
/*
* RSA key generation, public key op, private key op.
*
* $Id: rsa.c,v 1.39.22.1 2010/11/16 19:06:38 rrelyea%redhat.com Exp $
* $Id: rsa.c,v 1.39.22.2 2011/03/30 18:39:44 rrelyea%redhat.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -67,11 +67,23 @@
*/
#define MAX_KEY_GEN_ATTEMPTS 10
/* Blinding Parameters max cache size */
#define RSA_BLINDING_PARAMS_MAX_CACHE_SIZE 20
/* exponent should not be greater than modulus */
#define BAD_RSA_KEY_SIZE(modLen, expLen) \
((expLen) > (modLen) || (modLen) > RSA_MAX_MODULUS_BITS/8 || \
(expLen) > RSA_MAX_EXPONENT_BITS/8)
struct blindingParamsStr;
typedef struct blindingParamsStr blindingParams;
struct blindingParamsStr {
blindingParams *next;
mp_int f, g; /* blinding parameter */
int counter; /* number of remaining uses of (f, g) */
};
/*
** RSABlindingParamsStr
**
@ -85,9 +97,10 @@ struct RSABlindingParamsStr
/* Blinding-specific parameters */
PRCList link; /* link to list of structs */
SECItem modulus; /* list element "key" */
mp_int f, g; /* Blinding parameters */
int counter; /* number of remaining uses of (f, g) */
blindingParams *free, *bp; /* Blinding parameters queue */
blindingParams array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE];
};
typedef struct RSABlindingParamsStr RSABlindingParams;
/*
** RSABlindingParamsListStr
@ -100,6 +113,8 @@ struct RSABlindingParamsStr
struct RSABlindingParamsListStr
{
PZLock *lock; /* Lock for the list */
PRCondVar *cVar; /* Condidtion Variable */
int waitCount; /* Number of threads waiting on cVar */
PRCList head; /* Pointer to the list */
};
@ -271,7 +286,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
}
key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
key = PORT_ArenaZNew(arena, RSAPrivateKey);
if (!key) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
PORT_FreeArena(arena, PR_TRUE);
@ -1026,18 +1041,25 @@ init_blinding_params_list(void)
PORT_SetError(SEC_ERROR_NO_MEMORY);
return PR_FAILURE;
}
blindingParamsList.cVar = PR_NewCondVar( blindingParamsList.lock );
if (!blindingParamsList.cVar) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return PR_FAILURE;
}
blindingParamsList.waitCount = 0;
PR_INIT_CLIST(&blindingParamsList.head);
return PR_SUCCESS;
}
static SECStatus
generate_blinding_params(struct RSABlindingParamsStr *rsabp,
RSAPrivateKey *key, mp_int *n, unsigned int modLen)
generate_blinding_params(RSAPrivateKey *key, mp_int* f, mp_int* g, mp_int *n,
unsigned int modLen)
{
SECStatus rv = SECSuccess;
mp_int e, k;
mp_err err = MP_OKAY;
unsigned char *kb = NULL;
MP_DIGITS(&e) = 0;
MP_DIGITS(&k) = 0;
CHECK_MPI_OK( mp_init(&e) );
@ -1054,11 +1076,9 @@ generate_blinding_params(struct RSABlindingParamsStr *rsabp,
/* k < n */
CHECK_MPI_OK( mp_mod(&k, n, &k) );
/* f = k**e mod n */
CHECK_MPI_OK( mp_exptmod(&k, &e, n, &rsabp->f) );
CHECK_MPI_OK( mp_exptmod(&k, &e, n, f) );
/* g = k**-1 mod n */
CHECK_MPI_OK( mp_invmod(&k, n, &rsabp->g) );
/* Initialize the counter for this (f, g) */
rsabp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
CHECK_MPI_OK( mp_invmod(&k, n, g) );
cleanup:
if (kb)
PORT_ZFree(kb, modLen);
@ -1072,114 +1092,202 @@ cleanup:
}
static SECStatus
init_blinding_params(struct RSABlindingParamsStr *rsabp, RSAPrivateKey *key,
init_blinding_params(RSABlindingParams *rsabp, RSAPrivateKey *key,
mp_int *n, unsigned int modLen)
{
blindingParams * bp = rsabp->array;
SECStatus rv = SECSuccess;
mp_err err = MP_OKAY;
MP_DIGITS(&rsabp->f) = 0;
MP_DIGITS(&rsabp->g) = 0;
/* initialize blinding parameters */
CHECK_MPI_OK( mp_init(&rsabp->f) );
CHECK_MPI_OK( mp_init(&rsabp->g) );
int i = 0;
/* Initialize the list pointer for the element */
PR_INIT_CLIST(&rsabp->link);
for (i = 0; i < RSA_BLINDING_PARAMS_MAX_CACHE_SIZE; ++i, ++bp) {
bp->next = bp + 1;
MP_DIGITS(&bp->f) = 0;
MP_DIGITS(&bp->g) = 0;
bp->counter = 0;
}
/* The last bp->next value was initialized with out
* of rsabp->array pointer and must be set to NULL
*/
rsabp->array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE - 1].next = NULL;
bp = rsabp->array;
rsabp->bp = NULL;
rsabp->free = bp;
/* List elements are keyed using the modulus */
SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus);
CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) );
return SECSuccess;
cleanup:
mp_clear(&rsabp->f);
mp_clear(&rsabp->g);
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return rv;
}
static SECStatus
get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
mp_int *f, mp_int *g)
{
SECStatus rv = SECSuccess;
mp_err err = MP_OKAY;
int cmp;
PRCList *el;
struct RSABlindingParamsStr *rsabp = NULL;
/* Init the list if neccessary (the init function is only called once!) */
if (blindingParamsList.lock == NULL) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* Acquire the list lock */
PZ_Lock(blindingParamsList.lock);
/* Walk the list looking for the private key */
for (el = PR_NEXT_LINK(&blindingParamsList.head);
el != &blindingParamsList.head;
el = PR_NEXT_LINK(el)) {
rsabp = (struct RSABlindingParamsStr *)el;
cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
if (cmp == 0) {
/* Check the usage counter for the parameters */
if (--rsabp->counter <= 0) {
/* Regenerate the blinding parameters */
CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) );
}
/* Return the parameters */
CHECK_MPI_OK( mp_copy(&rsabp->f, f) );
CHECK_MPI_OK( mp_copy(&rsabp->g, g) );
/* Now that the params are located, release the list lock. */
PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */
return SECSuccess;
} else if (cmp > 0) {
/* The key is not in the list. Break to param creation. */
break;
RSABlindingParams *rsabp = NULL;
blindingParams *bpUnlinked = NULL;
blindingParams *bp, *prevbp = NULL;
PRCList *el;
SECStatus rv = SECSuccess;
mp_err err = MP_OKAY;
int cmp = -1;
PRBool holdingLock = PR_FALSE;
do {
if (blindingParamsList.lock == NULL) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
}
/* At this point, the key is not in the list. el should point to the
** list element that this key should be inserted before. NOTE: the list
** lock is still held, so there cannot be a race condition here.
*/
rsabp = (struct RSABlindingParamsStr *)
PORT_ZAlloc(sizeof(struct RSABlindingParamsStr));
if (!rsabp) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto cleanup;
}
/* Initialize the list pointer for the element */
PR_INIT_CLIST(&rsabp->link);
/* Initialize the blinding parameters
** This ties up the list lock while doing some heavy, element-specific
** operations, but we don't want to insert the element until it is valid,
** which requires computing the blinding params. If this proves costly,
** it could be done after the list lock is released, and then if it fails
** the lock would have to be reobtained and the invalid element removed.
*/
rv = init_blinding_params(rsabp, key, n, modLen);
if (rv != SECSuccess) {
PORT_ZFree(rsabp, sizeof(struct RSABlindingParamsStr));
goto cleanup;
}
/* Insert the new element into the list
** If inserting in the middle of the list, el points to the link
** to insert before. Otherwise, the link needs to be appended to
** the end of the list, which is the same as inserting before the
** head (since el would have looped back to the head).
*/
PR_INSERT_BEFORE(&rsabp->link, el);
/* Return the parameters */
CHECK_MPI_OK( mp_copy(&rsabp->f, f) );
CHECK_MPI_OK( mp_copy(&rsabp->g, g) );
/* Release the list lock */
PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */
return SECSuccess;
/* Acquire the list lock */
PZ_Lock(blindingParamsList.lock);
holdingLock = PR_TRUE;
/* Walk the list looking for the private key */
for (el = PR_NEXT_LINK(&blindingParamsList.head);
el != &blindingParamsList.head;
el = PR_NEXT_LINK(el)) {
rsabp = (RSABlindingParams *)el;
cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
if (cmp >= 0) {
/* The key is found or not in the list. */
break;
}
}
if (cmp) {
/* At this point, the key is not in the list. el should point to
** the list element before which this key should be inserted.
*/
rsabp = PORT_ZNew(RSABlindingParams);
if (!rsabp) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto cleanup;
}
rv = init_blinding_params(rsabp, key, n, modLen);
if (rv != SECSuccess) {
PORT_ZFree(rsabp, sizeof(RSABlindingParams));
goto cleanup;
}
/* Insert the new element into the list
** If inserting in the middle of the list, el points to the link
** to insert before. Otherwise, the link needs to be appended to
** the end of the list, which is the same as inserting before the
** head (since el would have looped back to the head).
*/
PR_INSERT_BEFORE(&rsabp->link, el);
}
/* We've found (or created) the RSAblindingParams struct for this key.
* Now, search its list of ready blinding params for a usable one.
*/
while (0 != (bp = rsabp->bp)) {
if (--(bp->counter) > 0) {
/* Found a match and there are still remaining uses left */
/* Return the parameters */
CHECK_MPI_OK( mp_copy(&bp->f, f) );
CHECK_MPI_OK( mp_copy(&bp->g, g) );
PZ_Unlock(blindingParamsList.lock);
return SECSuccess;
}
/* exhausted this one, give its values to caller, and
* then retire it.
*/
mp_exch(&bp->f, f);
mp_exch(&bp->g, g);
mp_clear( &bp->f );
mp_clear( &bp->g );
bp->counter = 0;
/* Move to free list */
rsabp->bp = bp->next;
bp->next = rsabp->free;
rsabp->free = bp;
/* In case there're threads waiting for new blinding
* value - notify 1 thread the value is ready
*/
if (blindingParamsList.waitCount > 0) {
PR_NotifyCondVar( blindingParamsList.cVar );
blindingParamsList.waitCount--;
}
PZ_Unlock(blindingParamsList.lock);
return SECSuccess;
}
/* We did not find a usable set of blinding params. Can we make one?
/* Find a free bp struct. */
prevbp = NULL;
if ((bp = rsabp->free) != NULL) {
/* unlink this bp */
rsabp->free = bp->next;
bp->next = NULL;
bpUnlinked = bp; /* In case we fail */
PZ_Unlock(blindingParamsList.lock);
holdingLock = PR_FALSE;
/* generate blinding parameter values for the current thread */
CHECK_SEC_OK( generate_blinding_params(key, f, g, n, modLen ) );
/* put the blinding parameter values into cache */
CHECK_MPI_OK( mp_init( &bp->f) );
CHECK_MPI_OK( mp_init( &bp->g) );
CHECK_MPI_OK( mp_copy( f, &bp->f) );
CHECK_MPI_OK( mp_copy( g, &bp->g) );
/* Put this at head of queue of usable params. */
PZ_Lock(blindingParamsList.lock);
holdingLock = PR_TRUE;
/* initialize RSABlindingParamsStr */
bp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
bp->next = rsabp->bp;
rsabp->bp = bp;
bpUnlinked = NULL;
/* In case there're threads waiting for new blinding value
* just notify them the value is ready
*/
if (blindingParamsList.waitCount > 0) {
PR_NotifyAllCondVar( blindingParamsList.cVar );
blindingParamsList.waitCount = 0;
}
PZ_Unlock(blindingParamsList.lock);
return SECSuccess;
}
/* Here, there are no usable blinding parameters available,
* and no free bp blocks, presumably because they're all
* actively having parameters generated for them.
* So, we need to wait here and not eat up CPU until some
* change happens.
*/
blindingParamsList.waitCount++;
PR_WaitCondVar( blindingParamsList.cVar, PR_INTERVAL_NO_TIMEOUT );
PZ_Unlock(blindingParamsList.lock);
holdingLock = PR_FALSE;
} while (1);
cleanup:
/* It is possible to reach this after the lock is already released.
** Ignore the error in that case.
*/
PZ_Unlock(blindingParamsList.lock);
/* It is possible to reach this after the lock is already released. */
if (bpUnlinked) {
if (!holdingLock) {
PZ_Lock(blindingParamsList.lock);
holdingLock = PR_TRUE;
}
bp = bpUnlinked;
mp_clear( &bp->f );
mp_clear( &bp->g );
bp->counter = 0;
/* Must put the unlinked bp back on the free list */
bp->next = rsabp->free;
rsabp->free = bp;
}
if (holdingLock) {
PZ_Unlock(blindingParamsList.lock);
holdingLock = PR_FALSE;
}
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return SECFailure;
}
@ -1441,22 +1549,31 @@ SECStatus BL_Init(void)
/* cleanup at shutdown */
void RSA_Cleanup(void)
{
blindingParams * bp = NULL;
if (!coBPInit.initialized)
return;
while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head))
{
struct RSABlindingParamsStr * rsabp = (struct RSABlindingParamsStr *)
PR_LIST_HEAD(&blindingParamsList.head);
while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head)) {
RSABlindingParams *rsabp =
(RSABlindingParams *)PR_LIST_HEAD(&blindingParamsList.head);
PR_REMOVE_LINK(&rsabp->link);
mp_clear(&rsabp->f);
mp_clear(&rsabp->g);
/* clear parameters cache */
while (rsabp->bp != NULL) {
bp = rsabp->bp;
rsabp->bp = rsabp->bp->next;
mp_clear( &bp->f );
mp_clear( &bp->g );
}
SECITEM_FreeItem(&rsabp->modulus,PR_FALSE);
PORT_Free(rsabp);
}
if (blindingParamsList.lock)
{
if (blindingParamsList.cVar) {
PR_DestroyCondVar(blindingParamsList.cVar);
blindingParamsList.cVar = NULL;
}
if (blindingParamsList.lock) {
SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
blindingParamsList.lock = NULL;
}


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sha512.c,v 1.14.6.1 2010/11/18 18:32:52 kaie%kuix.de Exp $ */
/* $Id: sha512.c,v 1.14.6.2 2011/03/30 22:45:05 wtc%google.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -135,7 +135,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value)
#define SHA_HTONL(x) swap4b(x)
#define BYTESWAP4(x) x = SHA_HTONL(x)
#else /* neither windows nor Linux PC */
#else
#define SWAP4MASK 0x00FF00FF
#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))


@ -63,6 +63,7 @@
#include <prsystem.h>
#include <prinrval.h>
#include <prtime.h>
#include <prcvar.h>
#include <secasn1.h>
#include <secoid.h>
#include <secdig.h>
@ -150,11 +151,15 @@ STUB_DECLARE(void,PR_Assert,(const char *s, const char *file, PRIntn ln));
STUB_DECLARE(PRStatus,PR_CallOnce,(PRCallOnceType *once, PRCallOnceFN func));
STUB_DECLARE(PRStatus,PR_Close,(PRFileDesc *fd));
STUB_DECLARE(void,PR_DestroyLock,(PRLock *lock));
STUB_DECLARE(void,PR_DestroyCondVar,(PRCondVar *cvar));
STUB_DECLARE(void,PR_Free,(void *ptr));
STUB_DECLARE(char * ,PR_GetLibraryFilePathname,(const char *name,
PRFuncPtr addr));
STUB_DECLARE(void,PR_Lock,(PRLock *lock));
STUB_DECLARE(PRCondVar *,PR_NewCondVar,(PRLock *lock));
STUB_DECLARE(PRLock *,PR_NewLock,(void));
STUB_DECLARE(PRStatus,PR_NotifyCondVar,(PRCondVar *cvar));
STUB_DECLARE(PRStatus,PR_NotifyAllCondVar,(PRCondVar *cvar));
STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags,
PRIntn mode));
STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
@ -162,6 +167,8 @@ STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
PRSeekWhence whence));
STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
PRIntervalTime timeout));
STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PRArenaPool *arena,
SECItem *item,unsigned int len));
@ -430,6 +437,48 @@ PR_DestroyLock_stub(PRLock *lock)
return;
}
extern PRCondVar *
PR_NewCondVar_stub(PRLock *lock)
{
STUB_SAFE_CALL1(PR_NewCondVar, lock);
abort();
return NULL;
}
extern PRStatus
PR_NotifyCondVar_stub(PRCondVar *cvar)
{
STUB_SAFE_CALL1(PR_NotifyCondVar, cvar);
abort();
return PR_FAILURE;
}
extern PRStatus
PR_NotifyAllCondVar_stub(PRCondVar *cvar)
{
STUB_SAFE_CALL1(PR_NotifyAllCondVar, cvar);
abort();
return PR_FAILURE;
}
extern PRStatus
PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
{
STUB_SAFE_CALL2(PR_WaitCondVar, cvar, timeout);
abort();
return PR_FAILURE;
}
extern void
PR_DestroyCondVar_stub(PRCondVar *cvar)
{
STUB_SAFE_CALL1(PR_DestroyCondVar, cvar);
abort();
return;
}
/*
* NOTE: this presupposes GCC 4.1
*/
@ -507,6 +556,11 @@ freebl_InitNSPR(void *lib)
STUB_FETCH_FUNCTION(PR_Assert);
STUB_FETCH_FUNCTION(PR_Sleep);
STUB_FETCH_FUNCTION(PR_CallOnce);
STUB_FETCH_FUNCTION(PR_NewCondVar);
STUB_FETCH_FUNCTION(PR_NotifyCondVar);
STUB_FETCH_FUNCTION(PR_NotifyAllCondVar);
STUB_FETCH_FUNCTION(PR_WaitCondVar);
STUB_FETCH_FUNCTION(PR_DestroyCondVar);
STUB_FETCH_FUNCTION(PR_NewLock);
STUB_FETCH_FUNCTION(PR_Unlock);
STUB_FETCH_FUNCTION(PR_Lock);
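Review bot: The five new condition-variable stubs (`PR_NewCondVar_stub` through `PR_DestroyCondVar_stub`) call `abort()` when the real NSPR symbol was not resolved, which also makes the `return` after it unreachable. The RSA blinding code elsewhere in this commit waits on and notifies `blindingParamsList.cVar`, so a process running on the stubs would presumably terminate during a private-key operation instead of failing with an error code; whether that configuration is reachable is not visible here. If it is, returning `NULL` / `PR_FAILURE` without aborting would let the caller report `SEC_ERROR_LIBRARY_FAILURE`. If it is not, a comment such as `/* condition variables are only reached once NSPR has been loaded */` above `PR_NewCondVar_stub` would record the assumption.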


@ -71,6 +71,7 @@
#define NSS_SecureMemcmp NSS_SecureMemcmp_stub
#define PR_DestroyCondVar PR_DestroyCondVar_stub
#define PR_Assert PR_Assert_stub
#define PR_CallOnce PR_CallOnce_stub
#define PR_Close PR_Close_stub
@ -78,12 +79,16 @@
#define PR_Free PR_Free_stub
#define PR_GetLibraryFilePathname PR_GetLibraryFilePathname_stub
#define PR_Lock PR_Lock_stub
#define PR_NewCondVar PR_NewCondVar_stub
#define PR_NewLock PR_NewLock_stub
#define PR_NotifyCondVar PR_NotifyCondVar_stub
#define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
#define PR_Open PR_Open_stub
#define PR_Read PR_Read_stub
#define PR_Seek PR_Seek_stub
#define PR_Sleep PR_Sleep_stub
#define PR_Unlock PR_Unlock_stub
#define PR_WaitCondVar PR_WaitCondVar_stub
extern int FREEBL_InitStubs(void);


@ -399,6 +399,9 @@ pkix_CrlChecker_CheckExternal(
if (!localStore) {
PKIX_ERROR_FATAL(PKIX_CRLCHECKERNOLOCALCERTSTOREFOUND);
}
PKIX_CHECK(
PKIX_PL_Cert_VerifyKeyUsage(issuer, PKIX_CRL_SIGN, plContext),
PKIX_CERTCHECKKEYUSAGEFAILED);
PKIX_CHECK(
PKIX_PL_Cert_GetCrlDp(cert, &dpList, plContext),
PKIX_CERTGETCRLDPFAILED);
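Review bot: The new `PKIX_PL_Cert_VerifyKeyUsage(issuer, PKIX_CRL_SIGN, plContext)` call in `pkix_CrlChecker_CheckExternal` has no comment explaining why it sits ahead of the distribution-point lookup, and the hunk does not show whether the local-store path enforces the same key-usage bit. I would add `/* The issuer must assert cRLSign before any CRL it signed is fetched or trusted (RFC 5280, 6.3.3) */` above the call. It is also worth confirming that the local check rejects the same issuers, since otherwise a CRL already in the local store could still be honoured from an issuer without cRLSign. The function starts and ends outside this hunk.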


@ -1981,6 +1981,18 @@ cleanup:
PKIX_RETURN(BUILD);
}
/* Prepare 'state' for the AIA round. */
static void
pkix_PrepareForwardBuilderStateForAIA(
PKIX_ForwardBuilderState *state)
{
PORT_Assert(state->useOnlyLocal == PKIX_TRUE);
state->useOnlyLocal = PKIX_FALSE;
state->certStoreIndex = 0;
state->numFanout = state->buildConstants.maxFanout;
state->status = BUILD_TRYAIA;
}
/*
* FUNCTION: pkix_BuildForwardDepthFirstSearch
* DESCRIPTION:
@ -2101,6 +2113,7 @@ pkix_BuildForwardDepthFirstSearch(
PKIX_Error *verifyError = NULL;
PKIX_Error *finalError = NULL;
void *nbio = NULL;
PKIX_UInt32 numIterations = 0;
PKIX_ENTER(BUILD, "pkix_BuildForwardDepthFirstSearch");
PKIX_NULLCHECK_THREE(pNBIOContext, state, pValResult);
@ -2117,6 +2130,13 @@ pkix_BuildForwardDepthFirstSearch(
* of this "while" clause our search has failed.
*/
while (outOfOptions == PKIX_FALSE) {
/*
* The maximum number of iterations works around a bug that
* causes this while loop to never exit when AIA and cross
* certificates are involved. See bug xxxxx.
*/
if (numIterations++ > 250)
PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS);
if (state->buildConstants.maxTime != 0) {
PKIX_DECREF(currTime);
@ -2728,7 +2748,6 @@ pkix_BuildForwardDepthFirstSearch(
* chain, delete it and go to the certStores.
*/
if (state->usingHintCerts == PKIX_TRUE) {
PKIX_DECREF(state->candidateCerts);
PKIX_CHECK(PKIX_List_Create
(&state->candidateCerts, plContext),
@ -2738,9 +2757,7 @@ pkix_BuildForwardDepthFirstSearch(
state->usingHintCerts = PKIX_FALSE;
state->status = BUILD_TRYAIA;
continue;
} else if (++(state->certIndex) < (state->numCerts)) {
if ((state->buildConstants.maxFanout != 0) &&
(--(state->numFanout) == 0)) {
@ -2775,16 +2792,12 @@ pkix_BuildForwardDepthFirstSearch(
* parent cert, and see if there are any more to try.
*/
if (state->useOnlyLocal == PKIX_TRUE) {
state->useOnlyLocal = PKIX_FALSE;
state->certStoreIndex = 0;
state->numFanout = state->buildConstants.maxFanout;
state->status = BUILD_TRYAIA;
pkix_PrepareForwardBuilderStateForAIA(state);
} else do {
if (state->parentState == NULL) {
/* We are at the top level, and can't back up! */
outOfOptions = PKIX_TRUE;
} else {
/*
* Try the next cert, if any, for this parent.
* Otherwise keep backing up until we reach a
@ -2848,10 +2861,7 @@ pkix_BuildForwardDepthFirstSearch(
}
if (state->useOnlyLocal == PKIX_TRUE) {
/* Clean up and go for AIA round. */
state->useOnlyLocal = PKIX_FALSE;
state->certStoreIndex = 0;
state->numFanout = state->buildConstants.maxFanout;
state->status = BUILD_TRYAIA;
pkix_PrepareForwardBuilderStateForAIA(state);
break;
}
}
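Review bot: The iteration cap added at the top of the `while (outOfOptions == PKIX_FALSE)` loop uses a bare `250`, cites a placeholder `bug xxxxx`, and reports `PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS` although no time was measured. `numIterations` is a local initialised to 0, so if `pkix_BuildForwardDepthFirstSearch` is re-entered after pending non-blocking I/O (it takes `pNBIOContext`) the count would restart and the cap would not bound the whole build; keeping the counter in `state` would, assuming that is the intent. I would at least name the limit, e.g. `#define PKIX_BUILD_MAX_ITERATIONS 250`, fill in the real bug number, and note that `numIterations++ > 250` permits 251 passes. The function body extends beyond the hunks shown.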


@ -1143,13 +1143,13 @@ pkix_pl_Socket_Poll(
if ((pBytesWritten) &&
((sock->status == SOCKET_SENDPENDING) ||
(sock->status = SOCKET_SENDRCVPENDING))) {
(sock->status == SOCKET_SENDRCVPENDING))) {
pollDesc.in_flags = PR_POLL_WRITE;
}
if ((pBytesRead) &&
((sock->status = SOCKET_RCVPENDING) ||
(sock->status = SOCKET_SENDRCVPENDING))) {
((sock->status == SOCKET_RCVPENDING) ||
(sock->status == SOCKET_SENDRCVPENDING))) {
pollDesc.in_flags |= PR_POLL_READ;
}


@ -573,10 +573,8 @@ pkix_pl_InfoAccess_ParseTokens(
char terminator,
void *plContext)
{
PKIX_UInt32 len = 0;
PKIX_UInt32 numFilters = 0;
char *endPos = NULL;
char *p = NULL;
char **filterP = NULL;
PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ParseTokens");
@ -597,8 +595,8 @@ pkix_pl_InfoAccess_ParseTokens(
PKIX_ERROR(PKIX_LOCATIONSTRINGNOTPROPERLYTERMINATED);
}
/* Last one doesn't have a "," as separator, although we allow it */
if (*(endPos-1) != ',') {
/* Last component doesn't need a separator, although we allow it */
if (endPos > *startPos && *(endPos-1) != separator) {
numFilters++;
}
@ -619,36 +617,23 @@ pkix_pl_InfoAccess_ParseTokens(
while (numFilters) {
if (*endPos == separator || *endPos == terminator) {
len = endPos - *startPos;
p = PORT_ArenaZAlloc(arena, len+1);
PKIX_UInt32 len = endPos - *startPos;
char *p = PORT_ArenaZAlloc(arena, len+1);
if (p == NULL) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
PORT_Memcpy(p, *startPos, len);
p[len] = '\0';
*filterP = p;
while (len) {
if (**startPos == '%' &&
strncmp(*startPos, "%20", 3) == 0) {
/* replace %20 by blank */
*p = ' ';
*startPos += 3;
len -= 3;
} else {
*p = **startPos;
(*startPos)++;
len--;
}
p++;
}
*p = '\0';
filterP++;
numFilters--;
separator = terminator;
if (endPos == '\0') {
*startPos = endPos;
break;
} else {
endPos++;
@ -666,6 +651,44 @@ cleanup:
PKIX_RETURN(INFOACCESS);
}
static int
pkix_pl_HexDigitToInt(
int ch)
{
if (isdigit(ch)) {
ch = ch - '0';
} else if (isupper(ch)) {
ch = ch - 'A' + 10;
} else {
ch = ch - 'a' + 10;
}
return ch;
}
/*
* Convert the "%" hex hex escape sequences in the URL 'location' in place.
*/
static void
pkix_pl_UnescapeURL(
char *location)
{
const char *src;
char *dst;
for (src = dst = location; *src != '\0'; src++, dst++) {
if (*src == '%' && isxdigit((unsigned char)*(src+1)) &&
isxdigit((unsigned char)*(src+2))) {
*dst = pkix_pl_HexDigitToInt((unsigned char)*(src+1));
*dst *= 16;
*dst += pkix_pl_HexDigitToInt((unsigned char)*(src+2));
src += 2;
} else {
*dst = *src;
}
}
*dst = *src; /* the terminating null */
}
/*
* FUNCTION: pkix_pl_InfoAccess_ParseLocation
* DESCRIPTION:
@ -742,11 +765,7 @@ pkix_pl_InfoAccess_ParseLocation(
plContext),
PKIX_STRINGGETENCODEDFAILED);
#if 0
/* For testing inside the firewall... */
locationAscii = "ldap://nss.red.iplanet.com:1389/cn=Good%20CA,o="
"Test%20Certificates,c=US?caCertificate;binary";
#endif
pkix_pl_UnescapeURL(locationAscii);
/* Skip "ldap:" */
endPos = locationAscii;
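Review bot: `pkix_pl_UnescapeURL(locationAscii)` decodes the whole certificate-supplied location before `pkix_pl_InfoAccess_ParseLocation` splits it, so an escaped delimiter such as `%2C` or `%3F` would become a live separator and `%00` would become a terminator that truncates the string in place. Percent-decoding is normally applied per component after splitting. As a minimal guard the decoder could keep `%00` as literal text by computing the value into a local `v` and using `if (v != 0) { *dst = (char)v; src += 2; } else { *dst = *src; }`. Separately, `if (endPos == '\0')` in `pkix_pl_InfoAccess_ParseTokens` compares the pointer rather than the character and should read `if (*endPos == '\0')`. Both functions continue outside the hunks shown.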


@ -1013,3 +1013,10 @@ SECMOD_RestartModules;
;+ local:
;+ *;
;+};
;+NSS_3.12.10 { # NSS 3.12.10 release
;+ global:
CERT_AllocCERTRevocationFlags;
CERT_DestroyCERTRevocationFlags;
;+ local:
;+ *;
;+};


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nss.h,v 1.81.2.4 2011/01/06 18:04:16 christophe.ravel.bugs%sun.com Exp $ */
/* $Id: nss.h,v 1.81.2.5 2011/01/12 21:39:21 christophe.ravel.bugs%sun.com Exp $ */
#ifndef __nss_h_
#define __nss_h_
@ -66,12 +66,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.12.9.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.12.10.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 12
#define NSS_VPATCH 9
#define NSS_VPATCH 10
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED


@ -78,6 +78,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
export:: private_export
$(OBJDIR)/pk11load$(OBJ_SUFFIX): debug_module.c
# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
# pk11slot.c in 64-bit mode for unknown reasons. A workaround is
# to compile it with optimizations turned on. (Bugzilla bug #63815)


@ -92,6 +92,7 @@ STRING fmt_fwVersion[] = " firmware version: %d.%d";
STRING fmt_hwVersion[] = " hardware version: %d.%d";
STRING fmt_s_qsq_d[] = " %s = \"%s\" [%d]";
STRING fmt_s_s_d[] = " %s = %s [%d]";
STRING fmt_s_lu[] = " %s = %lu";
STRING fmt_invalid_handle[] = " (CK_INVALID_HANDLE)";
@ -110,6 +111,7 @@ static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
CASE(CKA_VALUE);
CASE(CKA_OBJECT_ID);
CASE(CKA_CERTIFICATE_TYPE);
CASE(CKA_CERTIFICATE_CATEGORY);
CASE(CKA_ISSUER);
CASE(CKA_SERIAL_NUMBER);
CASE(CKA_AC_ISSUER);
@ -144,7 +146,7 @@ static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
CASE(CKA_SUBPRIME);
CASE(CKA_BASE);
CASE(CKA_PRIME_BITS);
CASE(CKA_SUB_PRIME_BITS);
CASE(CKA_SUBPRIME_BITS);
CASE(CKA_VALUE_BITS);
CASE(CKA_VALUE_LEN);
CASE(CKA_EXTRACTABLE);
@ -666,6 +668,25 @@ static void print_attr_value(CK_ATTRIBUTE_PTR attr)
atype, valstr, attr->ulValueLen));
break;
}
case CKA_PIXEL_X:
case CKA_PIXEL_Y:
case CKA_RESOLUTION:
case CKA_CHAR_ROWS:
case CKA_CHAR_COLUMNS:
case CKA_BITS_PER_PIXEL:
case CKA_CERTIFICATE_CATEGORY: /* should print as enum/string */
case CKA_JAVA_MIDP_SECURITY_DOMAIN: /* should print as enum/string */
case CKA_MODULUS_BITS:
case CKA_PRIME_BITS:
case CKA_SUBPRIME_BITS:
case CKA_VALUE_BITS:
case CKA_VALUE_LEN:
if (attr->ulValueLen > 0 && attr->pValue) {
CK_ULONG valueLen = *((CK_ULONG *)attr->pValue);
/* XXX check for the special value CK_UNAVAILABLE_INFORMATION */
PR_LOG(modlog, 4, (fmt_s_lu, atype, (PRUint32)valueLen));
break;
}
case CKA_LABEL:
case CKA_NETSCAPE_EMAIL:
case CKA_NETSCAPE_URL:
@ -691,7 +712,8 @@ static void print_attr_value(CK_ATTRIBUTE_PTR attr)
PORT_Free(asciiName);
break;
}
/* else fall through and treat like a binary buffer */
/* else treat like a binary buffer */
goto binary_buffer;
}
case CKA_ID:
if (attr->ulValueLen > 0 && attr->pValue) {
@ -713,6 +735,7 @@ static void print_attr_value(CK_ATTRIBUTE_PTR attr)
}
/* else fall through and treat like a binary buffer */
}
binary_buffer:
case CKA_SERIAL_NUMBER:
default:
if (attr->ulValueLen > 0 && attr->pValue) {
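Review bot: The new numeric-attribute branch in `print_attr_value` dereferences `attr->pValue` as a `CK_ULONG` after checking only `attr->ulValueLen > 0`, so a value shorter than `sizeof(CK_ULONG)` is read past its end by the logger. The guard should be `if (attr->ulValueLen >= sizeof(CK_ULONG) && attr->pValue) {`, and the not-taken path should `goto binary_buffer;` instead of falling into `case CKA_LABEL:`, where the bytes would presumably be handled as text. The `(PRUint32)valueLen` cast also truncates where `CK_ULONG` is 64 bits wide, which deserves a remark next to the existing `XXX` comment. The function begins and ends outside these hunks.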


@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldModule, SECMODModule *newModule)
char *oldModuleSpec;
if (secmod_IsInternalKeySlot(newModule)) {
pk11_SetInternalKeySlot(slot);
}
pk11_SetInternalKeySlotIfFirst(slot);
}
newID = slot->slotID;
PK11_FreeSlot(slot);
for (thisChild=children, thisID=ids; thisChild && *thisChild;
@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
/* look down the slot info table */
PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
SECMOD_SetRootCerts(mod->slots[i],mod);
/* explicitly mark the internal slot as such if IsInternalKeySlot()
* is set */
if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
}
}
mod->slotCount = slotCount;
mod->slotInfoCount = 0;
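Review bot: The condition `i == (mod->isFIPS ? 0 : 1)` in `secmod_LoadPKCS11Module` hard-codes which slot index is treated as the internal key slot and gives no explanation for the two values. If a module carrying the internal-key-slot flag exposes its slots in another order, a different slot silently becomes the default key store. I would name the two indices or add a comment above the test such as `/* slot 0 is the key slot in FIPS mode, slot 1 otherwise */`, after confirming that this is the layout intended, since it is not shown here. The function continues outside the hunk.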


@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *mod)
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
}
void
secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
{
char flags = (char) mod->internal;
if (val) {
flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
} else {
flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
}
mod->internal = flags;
}
/* forward declarations */
static int secmod_escapeSize(const char *string, char quote);
static char *secmod_addEscape(const char *string, char quote);
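Review bot: `secmod_SetInternalKeySlotFlag` is added without any comment, although it stores flag bits in `mod->internal` after narrowing the field through `char`. Any code that compares `mod->internal` with `PR_TRUE` would stop matching once `SECMOD_FLAG_INTERNAL_KEY_SLOT` is set; whether such comparisons exist is not visible in this hunk. I would add `/* mod->internal doubles as a flag byte: test it with SECMOD_FLAG_INTERNAL_KEY_SLOT, never with == PR_TRUE */` above the function.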


@ -115,6 +115,8 @@ void PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot);
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
/*********************************************************************
* Mechanism Mapping functions


@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
* times as tokens are removed and re-inserted.
*/
void
PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
{
SECStatus rv;
char *tmp;
@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
}
static PK11SlotInfo *pk11InternalKeySlot = NULL;
/*
* Set a new default internal keyslot. If one has already been set, clear it.
* Passing NULL falls back to the NSS normally selected default internal key
* slot.
*/
void
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
{
@ -1735,6 +1741,32 @@ pk11_SetInternalKeySlot(PK11SlotInfo *slot)
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
}
/*
* Set a new default internal keyslot if the normal key slot has not already
* been overridden. Subsequent calls to this function will be ignored unless
* pk11_SetInternalKeySlot is used to clear the current default.
*/
void
pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
{
if (pk11InternalKeySlot) {
return;
}
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
}
/*
* Swap out a default internal keyslot. Caller owns the Slot Reference
*/
PK11SlotInfo *
pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
{
PK11SlotInfo *swap = pk11InternalKeySlot;
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
return swap;
}
/* get the internal key slot. FIPS has only one slot for both key slots and
* default slots */
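Review bot: `pk11_SetInternalKeySlotIfFirst` tests and then assigns the file-static `pk11InternalKeySlot` without any lock, and `pk11_SwapInternalKeySlot` reads and replaces it the same way. Two threads loading modules at once could both see NULL and both take a reference, leaving one unreleased, and a reader could pick up a slot pointer that is about to be freed. Whether callers are already serialised is not visible in these hunks. If they are, the header comments should say so, e.g. `/* caller must hold <the module list lock> */` with the real lock named; if not, the check-and-set needs to be made atomic.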


@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char *name)
NULL, SECMOD_FIPS_FLAGS);
}
if (newModule) {
PK11SlotInfo *slot;
newModule->libraryParams =
PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
/* if an explicit internal key slot has been set, reset it */
slot = pk11_SwapInternalKeySlot(NULL);
if (slot) {
secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
}
rv = SECMOD_AddModule(newModule);
if (rv != SECSuccess) {
/* load failed, restore the internal key slot */
pk11_SetInternalKeySlot(slot);
SECMOD_DestroyModule(newModule);
newModule = NULL;
}
/* free the old explicit internal key slot, we now have a new one */
if (slot) {
PK11_FreeSlot(slot);
}
}
if (newModule == NULL) {
SECMODModuleList *last = NULL,*mlp2;


@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMODModule *, SECMODModule **oldModule);
SECStatus SECMOD_UnloadModule(SECMODModule *);
void SECMOD_SetInternalModule(SECMODModule *);
PRBool secmod_IsInternalKeySlot(SECMODModule *);
void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
/* tools for checking if we are loading the same database twice */
typedef struct SECMODConfigListStr SECMODConfigList;


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.100 $ $Date: 2010/05/18 19:38:40 $";
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.100.2.1 $ $Date: 2011/03/26 16:55:01 $";
#endif /* DEBUG */
/*
@ -1215,6 +1215,98 @@ done:
return nssrv;
}
/*
** Delete trust objects matching the given slot.
** Returns error if a device fails to delete.
**
** This function has the side effect of moving the
** surviving entries to the front of the object list
** and nullifying the rest.
*/
static PRStatus
DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
{
int numNotDestroyed = 0; /* the ones skipped plus the failures */
int failureCount = 0; /* actual deletion failures by devices */
int index;
nssPKIObject_Lock(tObject);
/* Keep going even if a module fails to delete. */
for (index = 0; index < tObject->numInstances; index++) {
nssCryptokiObject *instance = tObject->instances[index];
if (!instance) {
continue;
}
/* ReadOnly and not matched treated the same */
if (PK11_IsReadOnly(instance->token->pk11slot) ||
pk11slot != instance->token->pk11slot) {
tObject->instances[numNotDestroyed++] = instance;
continue;
}
/* Here we have found a matching one */
tObject->instances[index] = NULL;
if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) {
nssCryptokiObject_Destroy(instance);
} else {
tObject->instances[numNotDestroyed++] = instance;
failureCount++;
}
}
if (numNotDestroyed == 0) {
nss_ZFreeIf(tObject->instances);
tObject->numInstances = 0;
} else {
tObject->numInstances = numNotDestroyed;
}
nssPKIObject_Unlock(tObject);
return failureCount == 0 ? PR_SUCCESS : PR_FAILURE;
}
/*
** Delete trust objects matching the slot of the given certificate.
** Returns an error if any device fails to delete.
*/
NSS_EXTERN PRStatus
STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c)
{
PRStatus nssrv = PR_SUCCESS;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
/* caller made sure nssTrust isn't NULL */
nssPKIObject *tobject = &nssTrust->object;
nssPKIObject *cobject = &c->object;
int i;
/* Iterate through the cert and trust object instances looking for
* those with matching pk11 slots to delete. Even if some device
* can't delete we keep going. Keeping a status variable for the
* loop so that once it's failed the other gets set.
*/
NSSRWLock_LockRead(td->tokensLock);
nssPKIObject_Lock(cobject);
for (i = 0; i < cobject->numInstances; i++) {
nssCryptokiObject *cInstance = cobject->instances[i];
if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) {
PRStatus status;
if (!tobject->numInstances || !tobject->instances) continue;
status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tobject);
if (status == PR_FAILURE) {
/* set the outer one but keep going */
nssrv = PR_FAILURE;
}
}
}
nssPKIObject_Unlock(cobject);
NSSRWLock_UnlockRead(td->tokensLock);
return nssrv;
}
/* CERT_TraversePermCertsForSubject */
NSS_IMPLEMENT PRStatus
nssTrustDomain_TraverseCertificatesBySubject (
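Review bot: `STAN_DeleteCertTrustMatchingSlot` takes `&nssTrust->object` straight from `nssTrustDomain_FindTrustForCertificate(td, c)`, relying only on the comment `caller made sure nssTrust isn't NULL`, and it never releases the trust object it looked up. A certificate without a trust record would be dereferenced as NULL here, and each call appears to leak one reference. I would initialise `tobject` only after `if (!nssTrust) return PR_FAILURE;` and add `nssTrust_Destroy(nssTrust);` after `NSSRWLock_UnlockRead(td->tokensLock);`. The header comment on `DeleteCertTrustMatchingSlot` also promises that the remaining entries are nullified, whereas the loop only clears matched entries and shrinks `numInstances`, so the old positions of moved survivors keep stale copies.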


@ -38,7 +38,7 @@
#define PKINSS3HACK_H
#ifdef DEBUG
static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile: pki3hack.h,v $ $Revision: 1.19 $ $Date: 2005/01/20 02:25:49 $";
static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile: pki3hack.h,v $ $Revision: 1.19.192.1 $ $Date: 2011/03/26 16:55:01 $";
#endif /* DEBUG */
#ifndef NSSDEVT_H
@ -106,6 +106,9 @@ STAN_GetNSSCertificate(CERTCertificate *c);
NSS_EXTERN CERTCertTrust *
nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc);
NSS_EXTERN PRStatus
STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c);
NSS_EXTERN PRStatus
STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust);


@ -37,7 +37,7 @@
/*
* Interfaces of the CMS implementation.
*
* $Id: cms.h,v 1.23 2010/04/25 23:37:38 nelson%bolyard.com Exp $
* $Id: cms.h,v 1.23.2.3 2011/02/11 16:44:02 emaldona%redhat.com Exp $
*/
#ifndef _CMS_H_
@ -302,6 +302,14 @@ NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInf
extern SECStatus
NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
/*
* turn off streaming for this content type.
* This could fail with SEC_ERROR_NO_MEMORY in memory constrained conditions.
*/
extern SECStatus
NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream);
/*
* NSS_CMSContentInfo_GetContent - get pointer to inner content
*
@ -1128,6 +1136,51 @@ NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut,
PLArenaPool *arena);
/************************************************************************
*
************************************************************************/
/*
* define new S/MIME content type entries
*
* S/MIME uses the builtin PKCS7 oid types for encoding and decoding the
* various S/MIME content. Some applications have their own content type
* which is different from the standard content type defined by S/MIME.
*
* This function allows you to register new content types. There are basically
* Two different types of content, Wrappping content, and Data.
*
* For data types, All the functions below can be zero or NULL excext
* type and is isData, which should be your oid tag and PR_FALSE respectively
*
* For wrapping types, everything must be provided, or you will get encoder
* failures.
*
* If NSS doesn't already define the OID that you need, you can register
* your own with SECOID_AddEntry.
*
* Once you have defined your new content type, you can pass your new content
* type to NSS_CMSContentInfo_SetContent().
*
* If you are using a wrapping type you can pass your own data structure in
* the ptr field, but it must contain and embedded NSSCMSGenericWrappingData
* structure as the first element. The size you pass to
* NSS_CMSType_RegisterContentType is the total size of your self defined
* data structure. NSS_CMSContentInfo_GetContent will return that data
* structure from the content info. Your ASN1Template will be evaluated
* against that data structure.
*/
SECStatus NSS_CMSType_RegisterContentType(SECOidTag type,
SEC_ASN1Template *asn1Template, size_t size,
NSSCMSGenericWrapperDataDestroy destroy,
NSSCMSGenericWrapperDataCallback decode_before,
NSSCMSGenericWrapperDataCallback decode_after,
NSSCMSGenericWrapperDataCallback decode_end,
NSSCMSGenericWrapperDataCallback encode_start,
NSSCMSGenericWrapperDataCallback encode_before,
NSSCMSGenericWrapperDataCallback encode_after,
PRBool isData);
/************************************************************************/
SEC_END_PROTOS
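Review bot: The comment above `NSS_CMSType_RegisterContentType` tells callers that for data types `isData` should be `PR_FALSE`, which reads as inverted, and it names `NSSCMSGenericWrappingData` while the templates added in this commit use `NSSCMSGenericWrapperData`. The comment itself warns that wrong registration causes encoder failures, so the wording should be exact: `type and isData, which should be your OID tag and PR_TRUE respectively` (to be confirmed against the implementation) and `an embedded NSSCMSGenericWrapperData structure as the first element`. The typos `Wrappping`, `excext` and `contain and embedded` should be fixed, and the banner comment before the block is empty. The prototype also lacks the `extern` that its neighbours carry.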


@ -37,7 +37,7 @@
/*
* CMS ASN.1 templates
*
* $Id: cmsasn1.c,v 1.7 2010/06/06 22:36:35 nelson%bolyard.com Exp $
* $Id: cmsasn1.c,v 1.7.2.2 2011/02/01 00:33:23 rrelyea%redhat.com Exp $
*/
#include "cmslocal.h"
@ -479,6 +479,20 @@ const SEC_ASN1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
{ SEC_ASN1_POINTER, 0, NSSCMSEncryptedDataTemplate }
};
const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[] = {
{ SEC_ASN1_INLINE,
offsetof(NSSCMSGenericWrapperData,contentInfo),
NSSCMSEncapsulatedContentInfoTemplate },
};
SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate);
const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = {
{ SEC_ASN1_POINTER, 0, NSSCMSGenericWrapperDataTemplate }
};
SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate);
/* -----------------------------------------------------------------------------
* FORTEZZA KEA
*/
@ -547,15 +561,17 @@ nss_cms_choose_content_template(void *src_or_dest, PRBool encoding)
{
const SEC_ASN1Template *theTemplate;
NSSCMSContentInfo *cinfo;
SECOidTag type;
PORT_Assert (src_or_dest != NULL);
if (src_or_dest == NULL)
return NULL;
cinfo = (NSSCMSContentInfo *)src_or_dest;
switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
type = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (type) {
default:
theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
theTemplate = NSS_CMSType_GetTemplate(type);
break;
case SEC_OID_PKCS7_DATA:
theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
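Review bot: The `default:` branch of nss_cms_choose_content_template now takes its template from `NSS_CMSType_GetTemplate(type)` where it used to use `SEC_ASN1_GET(SEC_PointerToAnyTemplate)`, and nothing in this hunk shows what that call returns for a content type that was never registered. The `encoding` flag suggests this chooser also runs while decoding, where the tag comes from the message being parsed. If the lookup can return NULL, keep the old fallback explicitly with `if (theTemplate == NULL) theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);`. If NSS_CMSType_GetTemplate already falls back on its own, a one-line comment saying so in the default branch is enough. The function body continues outside the hunk.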


@ -37,7 +37,7 @@
/*
* CMS contentInfo methods.
*
* $Id: cmscinfo.c,v 1.7 2004/04/25 15:03:16 gerv%gerv.net Exp $
* $Id: cmscinfo.c,v 1.7.192.3 2011/02/11 03:57:50 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -47,11 +47,37 @@
#include "secoid.h"
#include "secerr.h"
/*
* NSS_CMSContentInfo_Create - create a content info
*
* version is set in the _Finalize procedures for each content type
*/
SECStatus
NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo)
{
if (cinfo->privateInfo) {
return SECSuccess;
}
cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate);
return (cinfo->privateInfo) ? SECSuccess : SECFailure;
}
static void
nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *privateInfo)
{
if (privateInfo->digcx) {
/* must destroy digest objects */
NSS_CMSDigestContext_Cancel(privateInfo->digcx);
privateInfo->digcx = NULL;
}
if (privateInfo->ciphcx) {
NSS_CMSCipherContext_Destroy(privateInfo->ciphcx);
privateInfo->ciphcx = NULL;
}
PORT_Free(privateInfo);
}
/*
* NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
@ -76,23 +102,17 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
NSS_CMSDigestedData_Destroy(cinfo->content.digestedData);
break;
default:
NSS_CMSGenericWrapperData_Destroy(kind, cinfo->content.genericData);
/* XXX Anything else that needs to be "manually" freed/destroyed? */
break;
}
if (cinfo->digcx) {
/* must destroy digest objects */
NSS_CMSDigestContext_Cancel(cinfo->digcx);
cinfo->digcx = NULL;
if (cinfo->privateInfo) {
nss_cmsContentInfo_private_destroy(cinfo->privateInfo);
cinfo->privateInfo = NULL;
}
if (cinfo->bulkkey)
if (cinfo->bulkkey) {
PK11_FreeSymKey(cinfo->bulkkey);
if (cinfo->ciphcx) {
NSS_CMSCipherContext_Destroy(cinfo->ciphcx);
cinfo->ciphcx = NULL;
}
/* we live in a pool, so no need to worry about storage */
}
/*
@ -101,31 +121,56 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
NSSCMSContentInfo *
NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
{
void * ptr = NULL;
NSSCMSContentInfo * ccinfo = NULL;
SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (tag) {
case SEC_OID_PKCS7_SIGNED_DATA:
ptr = (void *)cinfo->content.signedData;
ccinfo = &(cinfo->content.signedData->contentInfo);
if (cinfo->content.signedData != NULL) {
ccinfo = &(cinfo->content.signedData->contentInfo);
}
break;
case SEC_OID_PKCS7_ENVELOPED_DATA:
ptr = (void *)cinfo->content.envelopedData;
ccinfo = &(cinfo->content.envelopedData->contentInfo);
if (cinfo->content.envelopedData != NULL) {
ccinfo = &(cinfo->content.envelopedData->contentInfo);
}
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
ptr = (void *)cinfo->content.digestedData;
ccinfo = &(cinfo->content.digestedData->contentInfo);
if (cinfo->content.digestedData != NULL) {
ccinfo = &(cinfo->content.digestedData->contentInfo);
}
break;
case SEC_OID_PKCS7_ENCRYPTED_DATA:
ptr = (void *)cinfo->content.encryptedData;
ccinfo = &(cinfo->content.encryptedData->contentInfo);
if (cinfo->content.encryptedData != NULL) {
ccinfo = &(cinfo->content.encryptedData->contentInfo);
}
break;
case SEC_OID_PKCS7_DATA:
default:
if (NSS_CMSType_IsWrapper(tag)) {
if (cinfo->content.genericData != NULL) {
ccinfo = &(cinfo->content.genericData->contentInfo);
}
}
break;
}
return (ptr ? ccinfo : NULL);
if (ccinfo && !ccinfo->privateInfo) {
NSS_CMSContentInfo_Private_Init(ccinfo);
}
return ccinfo;
}
SECStatus
NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream)
{
SECStatus rv;
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
/* default is streaming, failure to get ccinfo will not effect this */
return dontStream ? SECFailure : SECSuccess ;
}
cinfo->privateInfo->dontStream = dontStream;
return SECSuccess;
}
/*
@ -147,7 +192,9 @@ NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SEC
cinfo->content.pointer = ptr;
if (type != SEC_OID_PKCS7_DATA) {
if (NSS_CMSType_IsData(type) && ptr) {
cinfo->rawContent = ptr;
} else {
/* as we always have some inner data,
* we need to set it to something, just to fool the encoder enough to work on it
* and get us into nss_cms_encoder_notify at that point */
@ -174,9 +221,10 @@ NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo
{
if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess)
return SECFailure;
cinfo->rawContent = (detached) ?
NULL : (data) ?
data : SECITEM_AllocItem(cmsg->poolp, NULL, 1);
if (detached) {
cinfo->rawContent = NULL;
}
return SECSuccess;
}
@ -204,6 +252,7 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_ENCRYPTED_DATA, (void *)encd);
}
/*
* NSS_CMSContentInfo_GetContent - get pointer to inner content
*
@ -223,7 +272,7 @@ NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
case SEC_OID_PKCS7_ENCRYPTED_DATA:
return cinfo->content.pointer;
default:
return NULL;
return NSS_CMSType_IsWrapper(tag) ? cinfo->content.pointer : (NSS_CMSType_IsData(tag) ? cinfo->rawContent : NULL);
}
}
@ -232,6 +281,7 @@ NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
*
* this is typically only called by NSS_CMSMessage_GetContent()
*/
SECItem *
NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
{
@ -240,26 +290,21 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
SECItem *pItem = NULL;
tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (tag) {
case SEC_OID_PKCS7_DATA:
/* end of recursion - every message has to have a data cinfo */
if (NSS_CMSType_IsData(tag)) {
pItem = cinfo->content.data;
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
case SEC_OID_PKCS7_ENCRYPTED_DATA:
case SEC_OID_PKCS7_ENVELOPED_DATA:
case SEC_OID_PKCS7_SIGNED_DATA:
} else if (NSS_CMSType_IsWrapper(tag)) {
ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
if (ccinfo != NULL)
if (ccinfo != NULL) {
pItem = NSS_CMSContentInfo_GetContent(ccinfo);
break;
default:
}
} else {
PORT_Assert(0);
break;
}
return pItem;
}
/*
* NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
* for future reference) and return the inner content type.
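Review bot: In NSS_CMSContentInfo_Destroy the new `default:` branch calls `NSS_CMSGenericWrapperData_Destroy(kind, cinfo->content.genericData)` for every kind the switch does not list. That appears to include plain data, where `content` holds a SECItem pointer rather than a wrapper structure. NSS_CMSContentInfo_GetChildContentInfo in the same file checks `NSS_CMSType_IsWrapper(tag)` before it touches `content.genericData`. The destroy path should do the same, `if (NSS_CMSType_IsWrapper(kind)) NSS_CMSGenericWrapperData_Destroy(kind, cinfo->content.genericData);`, unless the callee is documented to ignore kinds that have no registered destroy hook. The body of NSS_CMSContentInfo_Destroy starts outside the hunk, so the other cases are not visible here.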


@ -37,7 +37,7 @@
/*
* CMS decoding.
*
* $Id: cmsdecode.c,v 1.9.66.1 2010/12/23 18:03:41 kaie%kuix.de Exp $
* $Id: cmsdecode.c,v 1.9.66.4 2011/03/15 17:51:01 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -120,8 +120,7 @@ nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
#endif
/* so what are we working on right now? */
switch (p7dcx->type) {
case SEC_OID_UNKNOWN:
if (p7dcx->type == SEC_OID_UNKNOWN) {
/*
* right now, we are still decoding the OUTER (root) cinfo
* As soon as we know the inner content type, set up the info,
@ -136,8 +135,7 @@ nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
/* is this ready already ? need to alloc? */
/* XXX yes we need to alloc -- continue here */
}
break;
case SEC_OID_PKCS7_DATA:
} else if (NSS_CMSType_IsData(p7dcx->type)) {
/* this can only happen if the outermost cinfo has DATA in it */
/* otherwise, we handle this type implicitely in the inner decoders */
@ -150,86 +148,71 @@ nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
nss_cms_decoder_update_filter,
p7dcx,
(PRBool)(p7dcx->cb != NULL));
break;
}
if (after && dest == &(rootcinfo->content.data)) {
} else if (after && dest == &(rootcinfo->content.data)) {
/* remove the filter */
SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
}
break;
} else if (NSS_CMSType_IsWrapper(p7dcx->type)) {
if (!before || dest != &(rootcinfo->content)) {
case SEC_OID_PKCS7_SIGNED_DATA:
case SEC_OID_PKCS7_ENVELOPED_DATA:
case SEC_OID_PKCS7_DIGESTED_DATA:
case SEC_OID_PKCS7_ENCRYPTED_DATA:
if (p7dcx->content.pointer == NULL)
p7dcx->content = rootcinfo->content;
if (before && dest == &(rootcinfo->content))
break; /* we're not there yet */
if (p7dcx->content.pointer == NULL)
p7dcx->content = rootcinfo->content;
/* get this data type's inner contentInfo */
cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer,
/* get this data type's inner contentInfo */
cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer,
p7dcx->type);
if (before && dest == &(cinfo->contentType)) {
/* at this point, set up the &%$&$ back pointer */
/* we cannot do it later, because the content itself is optional! */
/* please give me C++ */
switch (p7dcx->type) {
case SEC_OID_PKCS7_SIGNED_DATA:
p7dcx->content.signedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
p7dcx->content.digestedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_ENVELOPED_DATA:
p7dcx->content.envelopedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_ENCRYPTED_DATA:
p7dcx->content.encryptedData->cmsg = p7dcx->cmsg;
break;
default:
PORT_Assert(0);
break;
if (before && dest == &(cinfo->contentType)) {
/* at this point, set up the &%$&$ back pointer */
/* we cannot do it later, because the content itself
* is optional! */
switch (p7dcx->type) {
case SEC_OID_PKCS7_SIGNED_DATA:
p7dcx->content.signedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
p7dcx->content.digestedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_ENVELOPED_DATA:
p7dcx->content.envelopedData->cmsg = p7dcx->cmsg;
break;
case SEC_OID_PKCS7_ENCRYPTED_DATA:
p7dcx->content.encryptedData->cmsg = p7dcx->cmsg;
break;
default:
p7dcx->content.genericData->cmsg = p7dcx->cmsg;
break;
}
}
}
if (before && dest == &(cinfo->rawContent)) {
/* we want the ASN.1 decoder to deliver the decoded bytes to us
** from now on
*/
SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
if (before && dest == &(cinfo->rawContent)) {
/* we want the ASN.1 decoder to deliver the decoded bytes to us
** from now on
*/
SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
nss_cms_decoder_update_filter,
p7dcx, (PRBool)(p7dcx->cb != NULL));
/* we're right in front of the data */
if (nss_cms_before_data(p7dcx) != SECSuccess) {
SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
/* stop all processing */
p7dcx->error = PORT_GetError();
/* we're right in front of the data */
if (nss_cms_before_data(p7dcx) != SECSuccess) {
SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
/* stop all processing */
p7dcx->error = PORT_GetError();
}
}
if (after && dest == &(cinfo->rawContent)) {
/* we're right after of the data */
if (nss_cms_after_data(p7dcx) != SECSuccess)
p7dcx->error = PORT_GetError();
/* we don't need to see the contents anymore */
SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
}
}
if (after && dest == &(cinfo->rawContent)) {
/* we're right after of the data */
if (nss_cms_after_data(p7dcx) != SECSuccess)
p7dcx->error = PORT_GetError();
/* we don't need to see the contents anymore */
SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
}
break;
#if 0 /* NIH */
case SEC_OID_PKCS7_AUTHENTICATED_DATA:
#endif
default:
} else {
/* unsupported or unknown message type - fail gracefully */
p7dcx->error = SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE;
break;
}
}
@ -269,7 +252,8 @@ nss_cms_before_data(NSSCMSDecoderContext *p7dcx)
p7dcx->content.encryptedData);
break;
default:
return SECFailure;
rv = NSS_CMSGenericWrapperData_Decode_BeforeData(p7dcx->type,
p7dcx->content.genericData);
}
if (rv != SECSuccess)
return SECFailure;
@ -280,7 +264,7 @@ nss_cms_before_data(NSSCMSDecoderContext *p7dcx)
cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if (childtype == SEC_OID_PKCS7_DATA) {
if (NSS_CMSType_IsData(childtype)) {
cinfo->content.pointer = (void *) nss_cms_create_decoder_data(poolp);
if (cinfo->content.pointer == NULL)
/* set memory error */
@ -307,6 +291,9 @@ nss_cms_before_data(NSSCMSDecoderContext *p7dcx)
if (childp7dcx->content.pointer == NULL)
goto loser;
/* give the parent a copy of the pointer so that it doesn't get lost */
cinfo->content.pointer = childp7dcx->content.pointer;
/* start the child decoder */
childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer,
template);
@ -395,7 +382,8 @@ nss_cms_after_data(NSSCMSDecoderContext *p7dcx)
/* do nothing */
break;
default:
rv = SECFailure;
rv = NSS_CMSGenericWrapperData_Decode_AfterData(p7dcx->type,
p7dcx->content.genericData);
break;
}
done:
@ -430,7 +418,8 @@ nss_cms_after_end(NSSCMSDecoderContext *p7dcx)
case SEC_OID_PKCS7_DATA:
break;
default:
rv = SECFailure; /* we should not have got that far... */
rv = NSS_CMSGenericWrapperData_Decode_AfterEnd(p7dcx->type,
p7dcx->content.genericData);
break;
}
return rv;
@ -469,7 +458,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
goto loser;
}
if (cinfo->ciphcx != NULL) {
if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
/*
* we are decrypting.
*
@ -483,7 +472,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
unsigned int buflen; /* length available for decrypted data */
/* find out about the length of decrypted data */
buflen = NSS_CMSCipherContext_DecryptLength(cinfo->ciphcx, len, final);
buflen = NSS_CMSCipherContext_DecryptLength(cinfo->privateInfo->ciphcx, len, final);
/*
* it might happen that we did not provide enough data for a full
@ -514,7 +503,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
* any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to
* keep track of incoming data
*/
rv = NSS_CMSCipherContext_Decrypt(cinfo->ciphcx, buf, &outlen, buflen,
rv = NSS_CMSCipherContext_Decrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
data, len, final);
if (rv != SECSuccess) {
p7dcx->error = PORT_GetError();
@ -534,8 +523,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
/*
* Update the running digests with plaintext bytes (if we need to).
*/
if (cinfo->digcx)
NSS_CMSDigestContext_Update(cinfo->digcx, data, len);
if (cinfo->privateInfo && cinfo->privateInfo->digcx)
NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
/* at this point, we have the plain decoded & decrypted data
** which is either more encoded DER (which we need to hand to the child
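Review bot: The `default:` branches of nss_cms_before_data, nss_cms_after_data and nss_cms_after_end used to fail closed (`return SECFailure;` / `rv = SECFailure;`) and now return whatever the matching NSS_CMSGenericWrapperData_Decode_* hook returns, so rejecting an unregistered content type on the decode path depends on code that is not shown here. The encoder side of this commit keeps the failure explicit with `if (NSS_CMSType_IsWrapper(p7ecx->type)) { ... } else { rv = SECFailure; }`. The decoder parses the incoming message, so each of its default branches should at least carry a comment such as `/* returns SECFailure for tags with no registered decode hook */`, or a guard on the registered type if that is not guaranteed. All three functions start and end outside their hunks.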


@ -37,7 +37,7 @@
/*
* CMS digestedData methods.
*
* $Id: cmsdigdata.c,v 1.5 2004/04/25 15:03:16 gerv%gerv.net Exp $
* $Id: cmsdigdata.c,v 1.5.192.2 2011/02/11 03:57:50 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -117,7 +117,8 @@ NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd)
SECItem *dummy;
version = NSS_CMS_DIGESTED_DATA_VERSION_DATA;
if (NSS_CMSContentInfo_GetContentTypeTag(&(digd->contentInfo)) != SEC_OID_PKCS7_DATA)
if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(
&(digd->contentInfo))))
version = NSS_CMS_DIGESTED_DATA_VERSION_ENCAP;
dummy = SEC_ASN1EncodeInteger(digd->cmsg->poolp, &(digd->version), version);
@ -134,11 +135,16 @@ NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd)
SECStatus
NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd)
{
SECStatus rv =NSS_CMSContentInfo_Private_Init(&digd->contentInfo);
if (rv != SECSuccess) {
return SECFailure;
}
/* set up the digests */
if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) {
/* if digest is already there, do nothing */
digd->contentInfo.digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
if (digd->contentInfo.digcx == NULL)
digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
if (digd->contentInfo.privateInfo->digcx == NULL)
return SECFailure;
}
return SECSuccess;
@ -156,12 +162,12 @@ NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd)
{
SECStatus rv = SECSuccess;
/* did we have digest calculation going on? */
if (digd->contentInfo.digcx) {
rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.digcx,
if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
digd->cmsg->poolp,
&(digd->digest));
/* error has been set by NSS_CMSDigestContext_FinishSingle */
digd->contentInfo.digcx = NULL;
digd->contentInfo.privateInfo->digcx = NULL;
}
return rv;
@ -177,12 +183,19 @@ NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd)
SECStatus
NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd)
{
SECStatus rv;
/* is there a digest algorithm yet? */
if (digd->digestAlg.algorithm.len == 0)
return SECFailure;
digd->contentInfo.digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
if (digd->contentInfo.digcx == NULL)
rv = NSS_CMSContentInfo_Private_Init(&digd->contentInfo);
if (rv != SECSuccess) {
return SECFailure;
}
digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
if (digd->contentInfo.privateInfo->digcx == NULL)
return SECFailure;
return SECSuccess;
@ -200,12 +213,12 @@ NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd)
{
SECStatus rv = SECSuccess;
/* did we have digest calculation going on? */
if (digd->contentInfo.digcx) {
rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.digcx,
if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
digd->cmsg->poolp,
&(digd->cdigest));
/* error has been set by NSS_CMSDigestContext_FinishSingle */
digd->contentInfo.digcx = NULL;
digd->contentInfo.privateInfo->digcx = NULL;
}
return rv;
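Review bot: `SECStatus rv =NSS_CMSContentInfo_Private_Init(&digd->contentInfo);` at the top of NSS_CMSDigestedData_Encode_BeforeData is missing the space after `=` and initialises in the declaration, while NSS_CMSDigestedData_Decode_BeforeData in the same file declares `SECStatus rv;` and assigns it after the algorithm check. Writing both the same way, `SECStatus rv;` followed by `rv = NSS_CMSContentInfo_Private_Init(&digd->contentInfo);`, keeps the two entry points parallel and easier to compare.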


@ -37,7 +37,7 @@
/*
* CMS encryptedData methods.
*
* $Id: cmsencdata.c,v 1.11 2008/02/03 06:08:49 nelson%bolyard.com Exp $
* $Id: cmsencdata.c,v 1.11.56.2 2011/02/11 03:57:50 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -181,6 +181,7 @@ NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
NSSCMSContentInfo *cinfo;
PK11SymKey *bulkkey;
SECAlgorithmID *algid;
SECStatus rv;
cinfo = &(encd->contentInfo);
@ -192,12 +193,16 @@ NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
if (algid == NULL)
return SECFailure;
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
return SECFailure;
}
/* this may modify algid (with IVs generated in a token).
* it is therefore essential that algid is a pointer to the "real" contentEncAlg,
* not just to a copy */
cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
PK11_FreeSymKey(bulkkey);
if (cinfo->ciphcx == NULL)
if (cinfo->privateInfo->ciphcx == NULL)
return SECFailure;
return SECSuccess;
@ -209,9 +214,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
SECStatus
NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
{
if (encd->contentInfo.ciphcx) {
NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
encd->contentInfo.ciphcx = NULL;
if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
encd->contentInfo.privateInfo->ciphcx = NULL;
}
/* nothing to do after data */
@ -244,8 +249,14 @@ NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
if (cinfo->ciphcx == NULL)
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
goto loser;
}
rv = SECFailure;
cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
if (cinfo->privateInfo->ciphcx == NULL)
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
@ -264,9 +275,9 @@ loser:
SECStatus
NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
{
if (encd->contentInfo.ciphcx) {
NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
encd->contentInfo.ciphcx = NULL;
if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
encd->contentInfo.privateInfo->ciphcx = NULL;
}
return SECSuccess;
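Review bot: The new early return after `NSS_CMSContentInfo_Private_Init(cinfo)` in NSS_CMSEncryptedData_Encode_BeforeData leaves the function without releasing `bulkkey`, which the success path frees with `PK11_FreeSymKey(bulkkey)` right after NSS_CMSCipherContext_StartEncrypt. Where `bulkkey` is obtained lies outside the hunk, but the unconditional free further down suggests the function holds its own reference. If so, the failure path should be `if (rv != SECSuccess) { PK11_FreeSymKey(bulkkey); return SECFailure; }`. The existing `if (algid == NULL) return SECFailure;` just above looks like it has the same gap.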


@ -37,7 +37,7 @@
/*
* CMS encoding.
*
* $Id: cmsencode.c,v 1.6.66.1 2010/12/23 18:03:41 kaie%kuix.de Exp $
* $Id: cmsencode.c,v 1.6.66.5 2011/02/11 03:57:50 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -92,8 +92,23 @@ nss_cms_encoder_out(void *arg, const char *buf, unsigned long len,
#ifdef CMSDEBUG
int i;
const char *data_name = "unknown";
fprintf(stderr, "kind = %d, depth = %d, len = %d\n", data_kind, depth, len);
switch (data_kind) {
case SEC_ASN1_Identifier:
data_name = "identifier";
break;
case SEC_ASN1_Length:
data_name = "length";
break;
case SEC_ASN1_Contents:
data_name = "contents";
break;
case SEC_ASN1_EndOfContents:
data_name = "end-of-contents";
break;
}
fprintf(stderr, "kind = %s, depth = %d, len = %d\n", data_name, depth, len);
for (i=0; i < len; i++) {
fprintf(stderr, " %02x%s", (unsigned int)buf[i] & 0xff, ((i % 16) == 15) ? "\n" : "");
}
@ -159,34 +174,17 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
* Watch for the content field, at which point we want to instruct
* the ASN.1 encoder to start taking bytes from the buffer.
*/
switch (p7ecx->type) {
default:
case SEC_OID_UNKNOWN:
/* we're still in the root message */
if (after && dest == &(rootcinfo->contentType)) {
/* got the content type OID now - so find out the type tag */
p7ecx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
/* set up a pointer to our current content */
p7ecx->content = rootcinfo->content;
}
break;
case SEC_OID_PKCS7_DATA:
if (before && dest == &(rootcinfo->rawContent)) {
if (NSS_CMSType_IsData(p7ecx->type)) {
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
if (before && dest == &(cinfo->rawContent)) {
/* just set up encoder to grab from user - no encryption or digesting */
if ((item = rootcinfo->content.data) != NULL)
if ((item = cinfo->content.data) != NULL)
(void)nss_cms_encoder_work_data(p7ecx, NULL, item->data, item->len, PR_TRUE, PR_TRUE);
else
SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
}
break;
case SEC_OID_PKCS7_SIGNED_DATA:
case SEC_OID_PKCS7_ENVELOPED_DATA:
case SEC_OID_PKCS7_DIGESTED_DATA:
case SEC_OID_PKCS7_ENCRYPTED_DATA:
} else if (NSS_CMSType_IsWrapper(p7ecx->type)) {
/* when we know what the content is, we encode happily until we reach the inner content */
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
@ -199,19 +197,32 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
p7ecx->error = PORT_GetError();
}
if (before && dest == &(cinfo->rawContent)) {
if (childtype == SEC_OID_PKCS7_DATA && (item = cinfo->content.data) != NULL)
/* we have data - feed it in */
(void)nss_cms_encoder_work_data(p7ecx, NULL, item->data, item->len, PR_TRUE, PR_TRUE);
else
/* else try to get it from user */
if (p7ecx->childp7ecx == NULL) {
if ((NSS_CMSType_IsData(childtype) && (item = cinfo->content.data) != NULL)) {
/* we are the innermost non-data and we have data - feed it in */
(void)nss_cms_encoder_work_data(p7ecx, NULL, item->data, item->len, PR_TRUE, PR_TRUE);
} else {
/* else we'll have to get data from user */
SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
}
} else {
/* if we have a nested encoder, wait for its data */
SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
}
}
if (after && dest == &(cinfo->rawContent)) {
if (nss_cms_after_data(p7ecx) != SECSuccess)
p7ecx->error = PORT_GetError();
SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
}
break;
} else {
/* we're still in the root message */
if (after && dest == &(rootcinfo->contentType)) {
/* got the content type OID now - so find out the type tag */
p7ecx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
/* set up a pointer to our current content */
p7ecx->content = rootcinfo->content;
}
}
}
@ -247,7 +258,11 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
rv = NSS_CMSEncryptedData_Encode_BeforeData(p7ecx->content.encryptedData);
break;
default:
rv = SECFailure;
if (NSS_CMSType_IsWrapper(p7ecx->type)) {
rv = NSS_CMSGenericWrapperData_Encode_BeforeData(p7ecx->type, p7ecx->content.genericData);
} else {
rv = SECFailure;
}
}
if (rv != SECSuccess)
return SECFailure;
@ -258,14 +273,7 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (childtype) {
case SEC_OID_PKCS7_SIGNED_DATA:
case SEC_OID_PKCS7_ENVELOPED_DATA:
case SEC_OID_PKCS7_ENCRYPTED_DATA:
case SEC_OID_PKCS7_DIGESTED_DATA:
#if 0
case SEC_OID_PKCS7_DATA: /* XXX here also??? maybe yes! */
#endif
if (NSS_CMSType_IsWrapper(childtype)) {
/* in these cases, we need to set up a child encoder! */
/* create new encoder context */
childp7ecx = PORT_ZAlloc(sizeof(NSSCMSEncoderContext));
@ -284,6 +292,8 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
childp7ecx->output.destpoolp = NULL;
childp7ecx->output.dest = NULL;
childp7ecx->cmsg = p7ecx->cmsg;
childp7ecx->ecxupdated = PR_FALSE;
childp7ecx->childp7ecx = NULL;
template = NSS_CMSUtil_GetTemplateByTypeTag(childtype);
if (template == NULL)
@ -303,11 +313,8 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
case SEC_OID_PKCS7_ENCRYPTED_DATA:
rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
break;
case SEC_OID_PKCS7_DATA:
rv = SECSuccess;
break;
default:
PORT_Assert(0);
rv = NSS_CMSGenericWrapperData_Encode_BeforeStart(childp7ecx->type, cinfo->content.genericData);
break;
}
if (rv != SECSuccess)
@ -321,17 +328,17 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
if (childp7ecx->ecx == NULL)
goto loser;
childp7ecx->ecxupdated = PR_FALSE;
/*
* Indicate that we are streaming. We will be streaming until we
* get past the contents bytes.
*/
SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
/*
* The notify function will watch for the contents field.
*/
p7ecx->childp7ecx = childp7ecx;
SEC_ASN1EncoderSetNotifyProc(childp7ecx->ecx, nss_cms_encoder_notify, childp7ecx);
/* please note that we are NOT calling SEC_ASN1EncoderUpdate here to kick off the */
@ -339,22 +346,11 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
/* otherwise we'd be encoding data from a call of the notify function of the */
/* parent encoder (which would not work) */
/* this will kick off the encoding process & encode everything up to the content bytes,
* at which point the notify function sets streaming mode (and possibly creates
* another child encoder). */
if (SEC_ASN1EncoderUpdate(childp7ecx->ecx, NULL, 0) != SECSuccess)
goto loser;
p7ecx->childp7ecx = childp7ecx;
break;
case SEC_OID_PKCS7_DATA:
} else if (NSS_CMSType_IsData(childtype)) {
p7ecx->childp7ecx = NULL;
break;
default:
} else {
/* we do not know this type */
p7ecx->error = SEC_ERROR_BAD_DER;
break;
}
return SECSuccess;
@ -364,6 +360,7 @@ loser:
if (childp7ecx->ecx)
SEC_ASN1EncoderFinish(childp7ecx->ecx);
PORT_Free(childp7ecx);
p7ecx->childp7ecx = NULL;
}
return SECFailure;
}
@ -387,11 +384,12 @@ nss_cms_after_data(NSSCMSEncoderContext *p7ecx)
case SEC_OID_PKCS7_ENCRYPTED_DATA:
rv = NSS_CMSEncryptedData_Encode_AfterData(p7ecx->content.encryptedData);
break;
case SEC_OID_PKCS7_DATA:
/* do nothing */
break;
default:
rv = SECFailure;
if (NSS_CMSType_IsWrapper(p7ecx->type)) {
rv = NSS_CMSGenericWrapperData_Encode_AfterData(p7ecx->type, p7ecx->content.genericData);
} else {
rv = SECFailure;
}
break;
}
return rv;
@ -432,23 +430,23 @@ nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
}
/* Update the running digest. */
if (len && cinfo->digcx != NULL)
NSS_CMSDigestContext_Update(cinfo->digcx, data, len);
if (len && cinfo->privateInfo && cinfo->privateInfo->digcx != NULL)
NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
/* Encrypt this chunk. */
if (cinfo->ciphcx != NULL) {
if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
unsigned int inlen; /* length of data being encrypted */
unsigned int outlen; /* length of encrypted data */
unsigned int buflen; /* length available for encrypted data */
inlen = len;
buflen = NSS_CMSCipherContext_EncryptLength(cinfo->ciphcx, inlen, final);
buflen = NSS_CMSCipherContext_EncryptLength(cinfo->privateInfo->ciphcx, inlen, final);
if (buflen == 0) {
/*
* No output is expected, but the input data may be buffered
* so we still have to call Encrypt.
*/
rv = NSS_CMSCipherContext_Encrypt(cinfo->ciphcx, NULL, NULL, 0,
rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, NULL, NULL, 0,
data, inlen, final);
if (final) {
len = 0;
@ -465,7 +463,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
if (buf == NULL) {
rv = SECFailure;
} else {
rv = NSS_CMSCipherContext_Encrypt(cinfo->ciphcx, buf, &outlen, buflen,
rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
data, inlen, final);
data = buf;
len = outlen;
@ -481,12 +479,12 @@ nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
* (which will encode it, then hand it back to the user or the parent encoder)
* We don't encode the data if we're innermost and we're told not to include the data
*/
if (p7ecx->ecx != NULL && len && (!innermost || cinfo->rawContent != NULL))
if (p7ecx->ecx != NULL && len && (!innermost || cinfo->rawContent != cinfo->content.pointer))
rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, (const char *)data, len);
done:
if (cinfo->ciphcx != NULL) {
if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
if (dest != NULL) {
dest->data = buf;
dest->len = len;
@ -532,6 +530,7 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
NSSCMSEncoderContext *p7ecx;
SECStatus rv;
NSSCMSContentInfo *cinfo;
SECOidTag tag;
NSS_CMSMessage_SetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg,
detached_digestalgs, detached_digests);
@ -551,7 +550,8 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (tag) {
case SEC_OID_PKCS7_SIGNED_DATA:
rv = NSS_CMSSignedData_Encode_BeforeStart(cinfo->content.signedData);
break;
@ -565,7 +565,12 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
break;
default:
rv = SECFailure;
if (NSS_CMSType_IsWrapper(tag)) {
rv = NSS_CMSGenericWrapperData_Encode_BeforeStart(tag,
p7ecx->content.genericData);
} else {
rv = SECFailure;
}
break;
}
if (rv != SECSuccess) {
@ -587,7 +592,8 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
* Indicate that we are streaming. We will be streaming until we
* get past the contents bytes.
*/
SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
/*
* The notify function will watch for the contents field.
@ -597,6 +603,7 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
/* this will kick off the encoding process & encode everything up to the content bytes,
* at which point the notify function sets streaming mode (and possibly creates
* a child encoder). */
p7ecx->ecxupdated = PR_TRUE;
if (SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0) != SECSuccess) {
PORT_Free (p7ecx);
return NULL;
@ -627,6 +634,13 @@ NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned lo
/* hand data to the innermost decoder */
if (p7ecx->childp7ecx) {
/* tell the child to start encoding, up to its first data byte, if it
* hasn't started yet */
if (!p7ecx->childp7ecx->ecxupdated) {
p7ecx->childp7ecx->ecxupdated = PR_TRUE;
if (SEC_ASN1EncoderUpdate(p7ecx->childp7ecx->ecx, NULL, 0) != SECSuccess)
return SECFailure;
}
/* recursion here */
rv = NSS_CMSEncoder_Update(p7ecx->childp7ecx, data, len);
} else {
@ -640,7 +654,7 @@ NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned lo
}
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if (childtype != SEC_OID_PKCS7_DATA)
if (!NSS_CMSType_IsData(childtype))
return SECFailure;
/* and we must not have preset data */
if (cinfo->content.data != NULL)
@ -721,6 +735,16 @@ NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx)
* while we are already in NSS_CMSEncoder_Finish, but that's allright.
*/
if (p7ecx->childp7ecx) {
/* tell the child to start encoding, up to its first data byte, if it
* hasn't yet */
if (!p7ecx->childp7ecx->ecxupdated) {
p7ecx->childp7ecx->ecxupdated = PR_TRUE;
rv = SEC_ASN1EncoderUpdate(p7ecx->childp7ecx->ecx, NULL, 0);
if (rv != SECSuccess) {
NSS_CMSEncoder_Finish(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
goto loser;
}
}
rv = NSS_CMSEncoder_Finish(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
if (rv != SECSuccess)
goto loser;
@ -737,7 +761,6 @@ NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx)
p7ecx->childp7ecx = NULL;
/* find out about our inner content type - must be data */
cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
if (!cinfo) {
/* The original programmer didn't expect this to happen */
@ -745,14 +768,10 @@ NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx)
rv = SECFailure;
goto loser;
}
childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if (childtype == SEC_OID_PKCS7_DATA && cinfo->content.data == NULL) {
SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
/* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
}
SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
/* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
if (p7ecx->error)
rv = SECFailure;


@ -37,7 +37,7 @@
/*
* CMS envelopedData methods.
*
* $Id: cmsenvdata.c,v 1.11 2005/10/03 22:01:57 relyea%netscape.com Exp $
* $Id: cmsenvdata.c,v 1.11.142.2 2011/02/11 03:57:50 emaldona%redhat.com Exp $
*/
#include "cmslocal.h"
@ -270,6 +270,7 @@ NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
NSSCMSContentInfo *cinfo;
PK11SymKey *bulkkey;
SECAlgorithmID *algid;
SECStatus rv;
cinfo = &(envd->contentInfo);
@ -281,12 +282,16 @@ NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
if (algid == NULL)
return SECFailure;
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
return SECFailure;
}
/* this may modify algid (with IVs generated in a token).
* it is essential that algid is a pointer to the contentEncAlg data, not a
* pointer to a copy! */
cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
PK11_FreeSymKey(bulkkey);
if (cinfo->ciphcx == NULL)
if (cinfo->privateInfo->ciphcx == NULL)
return SECFailure;
return SECSuccess;
@ -298,9 +303,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
SECStatus
NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd)
{
if (envd->contentInfo.ciphcx) {
NSS_CMSCipherContext_Destroy(envd->contentInfo.ciphcx);
envd->contentInfo.ciphcx = NULL;
if (envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
envd->contentInfo.privateInfo->ciphcx = NULL;
}
/* nothing else to do after data */
@ -380,8 +385,13 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
if (cinfo->ciphcx == NULL)
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
goto loser;
}
rv = SECFailure;
cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
if (cinfo->privateInfo->ciphcx == NULL)
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
@ -401,9 +411,9 @@ loser:
SECStatus
NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd)
{
if (envd && envd->contentInfo.ciphcx) {
NSS_CMSCipherContext_Destroy(envd->contentInfo.ciphcx);
envd->contentInfo.ciphcx = NULL;
if (envd && envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
envd->contentInfo.privateInfo->ciphcx = NULL;
}
return SECSuccess;
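Review bot: The new early return after `NSS_CMSContentInfo_Private_Init` in NSS_CMSEnvelopedData_Encode_BeforeData (hunk -281,12 +282,16) exits without calling `PK11_FreeSymKey(bulkkey)`, whereas the normal path releases the key right after `NSS_CMSCipherContext_StartEncrypt`. The assignment of `bulkkey` is outside the hunk, so this is inferred from the later free: if it already holds a reference at that point, the failure path leaks a reference to the content-encryption key and keeps the key object alive longer than intended. I would release it before returning: `if (rv != SECSuccess) { PK11_FreeSymKey(bulkkey); return SECFailure; }`. The unchanged `if (algid == NULL) return SECFailure;` just above appears to have the same gap and could be fixed together. The function body starts and ends outside the hunk.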
